Description

Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.

Remediation

References

CVE-2006-5810

Related Vulnerabilities

WordPress Plugin ByREV WP-PICShield Cross-Site Request Forgery (1.9.7)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1000861)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Cross-Site Scripting (1.13.59)

WordPress Plugin Ivory Search-WordPress Search Cross-Site Scripting (4.7.1)

WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)

Severity

Medium

Classification

CVE-2006-5810

Tags

Missing Update Known Vulnerabilities