Description

Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.

Remediation

References

CVE-2008-4435

Related Vulnerabilities

WordPress Plugin Sticky Menu on Scroll, Sticky Header, Sticky Welcome Bar for Any Theme-myStickymenu Unspecified Vulnerability (2.1.4)

phpMyFAQ Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Vulnerability (CVE-2023-5866)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-25689)

WordPress Plugin Stream Cross-Site Scripting (3.0.5)

Chamilo Improper Handling of Case Sensitivity Vulnerability (CVE-2023-3545)

Severity

Medium

Classification

CVE-2008-4435 CWE-707

Tags

Missing Update Known Vulnerabilities