WEB APPLICATION VULNERABILITIES Standard & Premium

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4565)

Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.

Remediation

References

Related Vulnerabilities

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-10804)

WordPress Plugin WP Jobs SQL Injection (1.4)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.16)

Serendipity Other Vulnerability (CVE-2005-1450)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16780)

Severity

Medium

Classification

CVE-2011-4565 CWE-707

Tags

Missing Update Known Vulnerabilities