Summary
The host is running XOOPS and is prone to cross site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to XOOPS version 2.5.3 or later,
For updates refer to http://www.xoops.org/
Insight
The flaws are due to improper validation of user-supplied input to - The 'text' parameter to include/formdhtmltextarea_preview.php (when 'html' is set to '1'),
- The '[img]' BBCode tag in the 'message' parameter to pmlite.php script, which allows attacker to execute arbitrary HTML and script code on the user's browser session in the security context of an affected site.
Affected
XOOPS version 2.5.1a and prior
References
Severity
Classification
-
CVE CVE-2011-4565 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- Apache CouchDB Cross Site Request Forgery Vulnerability
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Apache ActiveMQ Multiple Vulnerabilities