Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.

Remediation

References

CVE-2005-2112

Related Vulnerabilities

WordPress Plugin mySTAT 'mystat.php' SQL Injection (2.6)

Mailman Other Vulnerability (CVE-2004-0412)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Multiple Vulnerabilities (1.17.1)

Oracle JRE CVE-2013-5829 Vulnerability (CVE-2013-5829)

MongoDb Insufficiently Protected Credentials Vulnerability (CVE-2021-32039)

Severity

Medium

Classification

CVE-2005-2112

Tags

Missing Update Known Vulnerabilities