WEB APPLICATION VULNERABILITIES Standard & Premium

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4435)

Description

Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.

Remediation

References

Related Vulnerabilities

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9516)

WordPress Plugin Community Events SQL Injection (1.3.5)

WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.22)

Jboss EAP Cryptographic Issues Vulnerability (CVE-2014-0058)

Drupal Core 7.x Security Bypass (7.0 - 7.43)

Severity

Medium

Classification

CVE-2008-4435 CWE-707

Tags

Missing Update Known Vulnerabilities