Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.

Remediation

References

CVE-2005-2112

Related Vulnerabilities

WordPress Plugin Featured Post with thumbnail Unspecified Vulnerability (1.4)

WordPress Plugin BackupBuddy Arbitrary File Download (8.7.4.1)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-36401)

WordPress Plugin Abandoned Cart Lite for WooCommerce SQL Injection (1.8)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-0191)

Severity

Medium

Classification

CVE-2005-2112

Tags

Missing Update Known Vulnerabilities