CVE-2008-3344

Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5) SenderMail, and (6) RecipientMail parameters.

Link	Resource
http://marc.info/?l=bugtraq&m=121665294304071&w=2	Patch
http://www.securityfocus.com/bid/30328
http://secunia.com/advisories/31192	Vendor Advisory
http://securityreason.com/securityalert/4049
https://exchange.xforce.ibmcloud.com/vulnerabilities/43923

Configuration 1

cpe:2.3:a:myiosoft:easye-cards:3.5:*:trial:*:*:*:*:* cpe:2.3:a:myiosoft:easye-cards:3.10:a:*:*:*:*:*:*

---

Published : 2008-07-28 04:41

Updated : 2017-08-08 01:31

---

NVD link : CVE-2008-3344

Mitre link : CVE-2008-3344

No products.

CWE-79