Summary
The weblinks module of XOOPS contains a file named 'myheader.php' in /modules/mylinks/ directory. The code of the module insufficently filters out user provided data. The URL parameter used by 'myheader.php' can be used to insert malicious HTML and/or JavaScript in to the web page.
Solution
Upgrade to the latest version of XOOPS.
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
- Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)
- Adobe Reader Plugin Signature Bypass Vulnerability (Linux)
- Apple iTunes Insecure Permissions Privilege Escalation Vulnerability (Mac OS X)
- Apple Safari Multiple Vulnerabilities