1341 matches found

CVE
added 2009/09/18 10:00 a.m. · 48 views

CVE-2009-3240

CVE-2009-3240 is a documented XSS vulnerability in the Happy Linux XF-Section module for XOOPS, version 1.12a. The reports consistently describe an ability for remote attackers to inject arbitrary web script or HTML via unspecified vectors, potentially allowing arbitrary script execution in a use...

CVSS 4.3 · AI score 5.7 · EPSS 0.01624
Exploits: 0 · References: 3 · Affected Software: 1

Japan Vulnerability Notes
added 2009/09/17 6:52 a.m. · 3 views

XF-Section vulnerable to cross-site scripting

Overview: XF-Section from Happy Linux contains a cross-site scripting vulnerability. XF-Section from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the...

CVSS 4.3 · AI score 6.2 · EPSS 0.01624
Exploits: 0 · References: 5

Japan Vulnerability Notes
added 2009/09/17 12:00 a.m. · 28 views

JVN#00425482 XF-Section vulnerable to cross-site scripting

XF-Section from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use XF-Section. Since the product is no longer being developed, users are...

CVSS 4.3 · AI score 6 · EPSS 0.01624
Exploits: 0

NVD
added 2009/09/08 10:30 a.m. · 19 views

CVE-2008-7178

Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php...

CVSS 7.5 · AI score 6.7 · EPSS 0.02175
Exploits: 1 · References: 3

Prion
added 2009/09/08 10:30 a.m. · 17 views

Directory traversal

Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php...

CVSS 7.5 · AI score 7.2 · EPSS 0.02175
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2009/09/08 10:00 a.m. · 22 views

CVE-2008-7178

Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php...

AI score 6.7 · EPSS 0.02175
Exploits: 1 · References: 3

CVE
added 2009/09/08 10:00 a.m. · 49 views

CVE-2008-7178

The CVE-2008-7178 issue affects XOOPS Uploader module 1.1, exposing a Directory Traversal vulnerability. An attacker can read arbitrary files by supplying ".." in the filename parameter of the downloadfile action to index.php, enabling remote access to sensitive files. The vulnerability is docume...

CVSS 7.5 · AI score 6.9 · EPSS 0.02175
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2009/08/24 10:00 a.m. · 20 views

CVE-2008-7036

Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) orderby parameters...

AI score 5.8 · EPSS 0.01497
Exploits: 1 · References: 5

NVD
added 2009/08/17 4:30 p.m. · 17 views

CVE-2009-2783

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php...

CVSS 4.3 · AI score 5.8 · EPSS 0.01937
Exploits: 1 · References: 8

Prion
added 2009/08/17 4:30 p.m. · 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php...

CVSS 4.3 · AI score 6.1 · EPSS 0.01937
Exploits: 1 · References: 8 · Affected Software: 1

CVE
added 2009/08/17 4:00 p.m. · 49 views

CVE-2009-2783

XOOPS 2.3.3 is affected by multiple XSS vulnerabilities. The flaw involves unsanitized input in the op parameter of modules/pm/viewpmsg.php and in the query string of modules/profile/user.php, allowing remote attackers to inject arbitrary script/HTML. Impact is user/browser-level content manipula...

CVSS 4.3 · AI score 5.9 · EPSS 0.01937
Exploits: 1 · References: 8 · Affected Software: 1

Cvelist
added 2009/08/17 4:00 p.m. · 18 views

CVE-2009-2783

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php...

AI score 5.8 · EPSS 0.01937
Exploits: 1 · References: 8

Positive Technologies
added 2009/08/17 12:00 a.m. · 3 views

PT-2009-5147 · Xoops · Xoops

Name of the Vulnerable Software and Affected Versions: XOOPS version 2.3.3. Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the op...

CVSS 4.3 · AI score 6 · EPSS 0.01937
Exploits: 1 · References: 11

Packet Storm
added 2009/08/05 12:00 a.m. · 43 views

XOOPS 2.3.3 Cross Site Scripting

XOOPS Multiple Cross-Site Scripting Vulnerabilities - Security Advisory - SOS-09-005. Release Date: 31-Jul-2009. Vendor Notification Date: 15-Jun-2009. Product: XOOPS. Platform: Independent. Affected versions: 2.3.3 verified, possibly others. Severity Rating: Medium. Impact: Cookie/credential theft,...

AI score 7.4
Exploits: 0

securityvulns
added 2009/08/03 12:00 a.m. · 35 views

XOOPS Multiple Cross-Site Scripting Vulnerabilities - Security Advisory - SOS-09-005

XOOPS Multiple Cross-Site Scripting Vulnerabilities - Security Advisory - SOS-09-005. Release Date: 31-Jul-2009. Vendor Notification Date: 15-Jun-2009. Product: XOOPS. Platform: Independent. Affected versions: 2.3.3 verified, possibly others. Severity Rating: Medium. Impact: Cookie/credential theft,...

AI score 0.1
Exploits: 0

Prion
added 2009/07/31 8:30 p.m. · 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message...

CVSS 4.3 · AI score 6.1 · EPSS 0.01285
Exploits: 1 · References: 6 · Affected Software: 1

Prion
added 2009/07/31 8:30 p.m. · 12 views

Directory traversal

Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfiglanguage parameter to (1) blocks.php and (2) main.php in xoopslib/modules/protector/...

CVSS 6.8 · AI score 7.5 · EPSS 0.05615
Exploits: 1 · References: 9 · Affected Software: 1

NVD
added 2009/07/31 8:30 p.m. · 13 views

CVE-2008-6884

Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfiglanguage parameter to (1) blocks.php and (2) main.php in xoopslib/modules/protector/...

CVSS 6.8 · AI score 7.3 · EPSS 0.05615
Exploits: 1 · References: 9

Cvelist
added 2009/07/31 8:00 p.m. · 20 views

CVE-2008-6884

Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfiglanguage parameter to (1) blocks.php and (2) main.php in xoopslib/modules/protector/...

AI score 7.3 · EPSS 0.05615
Exploits: 1 · References: 9

CVE
added 2009/07/31 8:00 p.m. · 62 views

CVE-2008-6885

CVE-2008-6885 is an XSS in the pmlite.php component affecting XOOPS versions 2.3.1 and 2.3.2a. An attacker can inject arbitrary web script or HTML via a STYLE attribute in a URL BBCode tag in a private message. Root cause: improper handling of STYLE attributes in BBCode within private mes...

CVSS 4.3 · AI score 5.8 · EPSS 0.01285
Exploits: 1 · References: 6 · Affected Software: 1