Description
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Accept Stripe Donation-AidWP Cross-Site Request Forgery (3.1.5)
WordPress Plugin User Rights Access Manager Security Bypass (1.0.3)
WordPress Plugin Like Button Rating-LikeBtn Server-Side Request Forgery (2.6.31)
MySQL CVE-2021-2169 Vulnerability (CVE-2021-2169)
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.7)