Description

Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters.

Remediation

References

CVE-2004-2756

Related Vulnerabilities

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-4048)

WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities (2.3)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8157)

WordPress Plugin Custom Search by BestWebSoft Unspecified Vulnerability (1.21)

WordPress Plugin Translate WordPress with GTranslate Cross-Site Scripting (2.8.51)

Severity

Medium

Classification

CVE-2004-2756 CWE-707

Tags

Missing Update Known Vulnerabilities