First published: Wed Oct 26 2005(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xoops Xoops | <=2.0.12_jp | |
Xoops Xoops | <=2.0.13.1 | |
Xoops Xoops | <=2.2.3_rc1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.