JVNDB-2005-000864

[Japanese]
JVNDB-2005-000864
XOOPS cross-site scripting vulnerability
Overview
XOOPS is an open source web content management system implemented in PHP. XOOPS itself and its forum modules have multiple vulnerabilities in validating private messages and forum articles.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

XOOPS XOOPS Cube 2.0.12 JP and earlier XOOPS Cube 2.0.13.1 and earlier XOOPS Cube 2.2.3 RC1 and earlier

Impact
A remote attacker may upload a script to be executed by a user reading a private message or a forum article. This may allow a remote attacker to perform a session-hijacking and manipulate the screens after the user logs in.
Solution

Vendor Information
XOOPS XOOPS Cube : XOOPS 2.0.13 JP release
CWE (What is CWE?)

CVE (What is CVE?)
CVE-2005-2338
References
JVN : JVN#77105349 National Vulnerability Database (NVD) : CVE-2005-2338 Secunia Advisory : SA17300 SecurityFocus : 15195
Revision History
[2008/05/21] Web page published

XOOPS cross-site scripting vulnerability