Summary
XOOPS is prone to an HTTP-header-injection vulnerability and an arbitrary-file-deletion vulnerability.
By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks, including cross-site request forgery, cross-site scripting, and HTTP-request smuggling.
Successful file-deletion exploits may corrupt data and cause denial-of-service conditions.
XOOPS 2.4.3 is vulnerable; other versions may also be affected.
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apache Archiva Multiple Vulnerabilities
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability