CVE-2008-7140: Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML ...

Description

Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has been reported that the test parameter is not used in @lex Guestbook.

Metrics

EPSS Probability

1.48%

70.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Alexguestbook	\@Lex Guestbook	<= 4.0.5
Alexguestbook	\@Lex Guestbook	3.12
Alexguestbook	\@Lex Guestbook	3.13
Alexguestbook	\@Lex Guestbook	4.0.1
Alexguestbook	\@Lex Guestbook	4.0.2
Alexguestbook	\@Lex Guestbook	4.0.4

References

Timeline

Published: Sep 1, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-7140?

Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has been reported that the test parameter is not used in @lex Guestbook.

How severe is CVE-2008-7140?

Severity scoring for CVE-2008-7140 is pending analysis. The EPSS model estimates a 1.48% probability of exploitation in the next 30 days.

How do I fix CVE-2008-7140?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.