Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.

Remediation

References

CVE-2005-2112

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2013-0169)

Moodle Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9187)

GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23821)

WordPress Plugin WordPress Console Security Bypass (0.3.9)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4286)

Severity

Medium

Classification

CVE-2005-2112

Tags

Missing Update Known Vulnerabilities