Summary
XOOPS is prone to an HTTP-header-injection vulnerability and an arbitrary-file- deletion vulnerability.
By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks, including cross-site request forgery, cross-site scripting, and HTTP-request smuggling.
Successful file-deletion exploits may corrupt data and cause denial-of- service conditions.
XOOPS 2.4.3 is vulnerable
other versions may also be affected.
References