Description
Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Carts Guru PHP Object Injection (1.4.5)
Joomla Other Vulnerability (CVE-2006-7008)
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2021-34520)
WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (1.2.28)
WordPress Plugin Download from files Arbitrary File Upload (1.48)