Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2011-4565

Related Vulnerabilities

WordPress Plugin Booking Privilege Escalation (2.4)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions SQL Injection (2.9.7)

Internet Information Services Other Vulnerability (CVE-2000-0126)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-27949)

WordPress Plugin Simple Page Ordering Cross-Site Scripting (2.2.1)

Severity

Medium

Classification

CVE-2011-4565 CWE-707

Tags

Missing Update Known Vulnerabilities