Xoops Myheader.php URL Cross Site Scripting Vulnerability Network Vulnerability

Summary

The weblinks module of XOOPS contains a file named 'myheader.php' in /modules/mylinks/ directory. The code of the module insufficently filters out user provided data. The URL parameter used by 'myheader.php' can be used to insert malicious HTML and/or JavaScript in to the web page.

Solution

Upgrade to the latest version of XOOPS.

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)
Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)
Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)
Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Mac OS X)
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)

Xoops myheader.php URL Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities