Description

Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2008-2035

Related Vulnerabilities

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0790)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-4893)

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.5)

ownCloud Improper Access Control Vulnerability (CVE-2016-9468)

WordPress Plugin WP Smart Image II Cross-Site Scripting (0.2)

Severity

Medium

Classification

CVE-2008-2035 CWE-707

Tags

Missing Update Known Vulnerabilities