{"api_version":"1","generated_at":"2026-04-27T07:01:35+00:00","cve":"CVE-2008-6924","urls":{"html":"https://cve.report/CVE-2008-6924","api":"https://cve.report/api/cve/CVE-2008-6924.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-6924","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-6924"},"summary":{"title":"CVE-2008-6924","description":"Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-08-10 20:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://secunia.com/advisories/31041","name":"http://secunia.com/advisories/31041","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"eSyndiCat Directory Software Pro \"register.php\" Cross-Site Scripting - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/46908","name":"http://www.osvdb.org/46908","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://packetstorm.linuxsecurity.com/0807-exploits/esyndicat-xss.txt","name":"http://packetstorm.linuxsecurity.com/0807-exploits/esyndicat-xss.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43715","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43715","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/30178","name":"http://www.securityfocus.com/bid/30178","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"eSyndiCat 'register.php' Multiple Cross Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-6924","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-6924","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"6924","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"intelliants","cpe5":"esyndicat","cpe6":"2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T11:49:02.640Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstorm.linuxsecurity.com/0807-exploits/esyndicat-xss.txt"},{"name":"46908","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/46908"},{"name":"esyndicat-register-xss(43715)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43715"},{"name":"31041","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31041"},{"name":"30178","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/30178"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-07-10T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://packetstorm.linuxsecurity.com/0807-exploits/esyndicat-xss.txt"},{"name":"46908","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/46908"},{"name":"esyndicat-register-xss(43715)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43715"},{"name":"31041","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31041"},{"name":"30178","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/30178"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-6924","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://packetstorm.linuxsecurity.com/0807-exploits/esyndicat-xss.txt","refsource":"MISC","url":"http://packetstorm.linuxsecurity.com/0807-exploits/esyndicat-xss.txt"},{"name":"46908","refsource":"OSVDB","url":"http://www.osvdb.org/46908"},{"name":"esyndicat-register-xss(43715)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43715"},{"name":"31041","refsource":"SECUNIA","url":"http://secunia.com/advisories/31041"},{"name":"30178","refsource":"BID","url":"http://www.securityfocus.com/bid/30178"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-6924","datePublished":"2009-08-10T20:00:00.000Z","dateReserved":"2009-08-10T00:00:00.000Z","dateUpdated":"2024-08-07T11:49:02.640Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-08-10 20:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:intelliants:esyndicat:2.2:*:*:*:*:*:*:*","matchCriteriaId":"305ED00F-4304-46F7-AC55-0EAB491678C2"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"6924","Ordinal":"1","Title":"CVE-2008-6924","CVE":"CVE-2008-6924","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"6924","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters.","Type":"Description","Title":"CVE-2008-6924"},{"CveYear":"2008","CveId":"6924","Ordinal":"2","NoteData":"2009-08-10","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"6924","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}