Description

Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2008-2035

Related Vulnerabilities

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

MySQL CVE-2016-0663 Vulnerability (CVE-2016-0663)

WordPress Plugin Product Reviews Import Export for WooCommerce CSV Injection (1.4.8)

Ruby on Rails Missing Encryption of Sensitive Data Vulnerability (CVE-2010-3299)

Internet Information Services Improper Input Validation Vulnerability (CVE-2009-4445)

Severity

Medium

Classification

CVE-2008-2035 CWE-707

Tags

Missing Update Known Vulnerabilities