Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.

Remediation

References

CVE-2005-2112

Related Vulnerabilities

GlassFish CVE-2012-0104 Vulnerability (CVE-2012-0104)

PostgreSQL CVE-2018-1058 Vulnerability (CVE-2018-1058)

Oracle JRE CVE-2014-2401 Vulnerability (CVE-2014-2401)

WordPress Plugin Side Menu-add fixed side buttons SQL Injection (3.1.3)

WordPress Plugin Appointment Booking Calendar Multiple Vulnerabilities (1.1.7)

Severity

Medium

Classification

CVE-2005-2112

Tags

Missing Update Known Vulnerabilities