Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2338

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-2338
Last Modified 05 Sep 2008 04:51:30
Published 26 Oct 2005 09:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-2338

Summary

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.

Vulnerable Systems

Application

  • Xoops 2.0.12 Jp

  • Xoops 2.0.13.1

  • Xoops 2.2.3 Rc1


References

MISC - http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html

SECUNIA - 17300

JVN - JVN#77105349

BID - 15195

BUGTRAQ - 20051025 [SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities


Last Updated: 27 May 2016 10:40:28