Summary
The remote web server contains a PHP script that is prone to cross- site scripting attacks.
Description :
The weblinks module of XOOPS contains a file named 'viewtopic.php' in the '/modules/newbb' directory. The code of the module insufficently filters out user provided data. The URL parameter used by 'viewtopic.php' can be used to insert malicious HTML and/or JavaScript in to the web page.
Solution
Unknown at this time.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2004-2756 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache ActiveMQ Source Code Information Disclosure Vulnerability
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- Apache CouchDB Cross Site Request Forgery Vulnerability
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Afian 'includer.php' Directory Traversal Vulnerability