Summary
The host is running XOOPS and is prone to cross site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to XOOPS version 2.5.3 or later,
For updates refer to http://www.xoops.org/
Insight
The flaws are due to improper validation of user-supplied input to - The 'text' parameter to include/formdhtmltextarea_preview.php (when 'html' is set to '1'),
- The '[img]' BBCode tag in the 'message' parameter to pmlite.php script, which allows attacker to execute arbitrary HTML and script code on the user's browser session in the security context of an affected site.
Affected
XOOPS version 2.5.1a and prior
References
Severity
Classification
-
CVE CVE-2011-4565 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities