QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4565

Published: Nov 28, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

xoops-pmlite-xss(70377)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

xoops-formdhtmltextareapreview-xss(70378)

vdb-entry

x_refsource_XF

https://www.htbridge.ch/advisory/multiple_xss_in_xoops_web_application_platform.html

x_refsource_MISC

vdb-entry

x_refsource_BID

http://xoops.org/modules/news/article.php?storyid=6094

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.