CVE-2009-2783

Published: Aug 17, 2009

Modified: Sep 16, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://xoops.svn.sourceforge.net/viewvc/xoops/XoopsCore/trunk/htdocs/modules/pm/viewpmsg.php?view=log#rev3292

x_refsource_CONFIRM

35895

vdb-entry

x_refsource_BID

36109

third-party-advisory

x_refsource_SECUNIA

http://xoops.svn.sourceforge.net/viewvc/xoops/XoopsCore/trunk/htdocs/modules/pm/viewpmsg.php?r1=2621&r2=3292

x_refsource_CONFIRM

http://www.senseofsecurity.com.au/advisories/SOS-09-005.pdf

x_refsource_MISC

56638

vdb-entry

x_refsource_OSVDB

20090731 XOOPS Multiple Cross-Site Scripting Vulnerabilities - Security Advisory - SOS-09-005

mailing-list

x_refsource_BUGTRAQ

1022641

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2009-2783

Description

Affected Products

References