Xoops Myheader.php URL Cross Site Scripting Vulnerability Network Vulnerability

Summary

The weblinks module of XOOPS contains a file named 'myheader.php' in /modules/mylinks/ directory. The code of the module insufficently filters out user provided data. The URL parameter used by 'myheader.php' can be used to insert malicious HTML and/or JavaScript in to the web page.

Solution

Upgrade to the latest version of XOOPS.

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache /server-status accessible
Asterisk Missing ACL Check Remote Security Bypass Vulnerability
Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)
Apple Safari Multiple Memory Corruption Vulnerabilities-03 Aug14 (Mac OS X)

Xoops myheader.php URL Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities