Description

Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.

Remediation

References

CVE-2008-4435

Related Vulnerabilities

WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Cross-Site Scripting (2.8.2)

PrestaShop Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2018-7491)

Oracle JRE CVE-2020-2778 Vulnerability (CVE-2020-2778)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2008-7248)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10968)

Severity

Medium

Classification

CVE-2008-4435 CWE-707

Tags

Missing Update Known Vulnerabilities