Xoops Viewtopic.php Cross Site Scripting Vulnerability Network Vulnerability

Summary

The remote web server contains a PHP script that is prone to cross- site scripting attacks. Description : The weblinks module of XOOPS contains a file named 'viewtopic.php' in the '/modules/newbb' directory. The code of the module insufficently filters out user provided data. The URL parameter used by 'viewtopic.php' can be used to insert malicious HTML and/or JavaScript in to the web page.

Solution

Unknown at this time.

References

http://www.securitytracker.com/alerts/2004/Jan/1008849.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-2756
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
A Really Simple Chat Multiple XSS Vulnerabilities
AMSI 'file' Parameter Directory Traversal Vulnerability
Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
Apache ActiveMQ Multiple Vulnerabilities

Xoops viewtopic.php Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities