Xoops Myheader.php URL Cross Site Scripting Vulnerability Network Vulnerability

Summary

The weblinks module of XOOPS contains a file named 'myheader.php' in /modules/mylinks/ directory. The code of the module insufficently filters out user provided data. The URL parameter used by 'myheader.php' can be used to insert malicious HTML and/or JavaScript in to the web page.

Solution

Upgrade to the latest version of XOOPS.

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)
Adobe Reader Plugin Signature Bypass Vulnerability (Linux)
Apple iTunes Insecure Permissions Privilege Escalation Vulnerability (Mac OS X)
Apple Safari Multiple Vulnerabilities

Xoops myheader.php URL Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities