Description

Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.

Remediation

References

CVE-2008-4435

Related Vulnerabilities

Microsoft SQL Server Other Vulnerability (CVE-1999-1556)

WordPress Plugin EME Sync Facebook Events Unspecified Vulnerability (1.0.38)

WordPress Plugin Registrations for the Events Calendar-Event Registration SQL Injection (2.7.5)

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-2471)

WordPress Plugin Photo Gallery by Ays-Responsive Image Gallery SQL Injection (1.0.0)

Severity

Medium

Classification

CVE-2008-4435 CWE-707

Tags

Missing Update Known Vulnerabilities