Xoops Viewtopic.php Cross Site Scripting Vulnerability Network Vulnerability

Summary

The remote web server contains a PHP script that is prone to cross- site scripting attacks. Description : The weblinks module of XOOPS contains a file named 'viewtopic.php' in the '/modules/newbb' directory. The code of the module insufficently filters out user provided data. The URL parameter used by 'viewtopic.php' can be used to insert malicious HTML and/or JavaScript in to the web page.

Solution

Unknown at this time.

References

http://www.securitytracker.com/alerts/2004/Jan/1008849.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-2756

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Apache ActiveMQ Multiple Vulnerabilities
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability

Xoops viewtopic.php Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities