Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.

Remediation

References

CVE-2005-2112

Related Vulnerabilities

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (4.3.0)

WordPress Plugin MailPoet Newsletters (Previous) 'swfupload.swf' Cross-Site Scripting (2.1.6)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29907)

Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29718)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15729)

Severity

Medium

Classification

CVE-2005-2112

Tags

Missing Update Known Vulnerabilities