Cross-Site Scripting Vulnerability in XOOPS by XOOPS Foundation
CVE-2008-6885

Currently unrated

Key Information:

Vendor

Xoops

Status
Xoops
Vendor
CVE Published:
31 July 2009

What is CVE-2008-6885?

A Cross-Site Scripting (XSS) vulnerability exists in the pmlite.php file of XOOPS version 2.3.1 and 2.3.2a, which allows remote attackers to inject arbitrary web scripts or HTML into private messages. This exploitation can occur via a STYLE attribute within a malformed URL in a BBcode tag, enabling attackers to execute malicious scripts in the context of affected users. Proper input validation and sanitization are critical to safeguard against such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://marc.info/?l=bugtraq&m=122875449930810&w=2
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/32685
vdb-entryx_refsource_BID
http://secunia.com/advisories/33048
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.