XOOPS-magazine - XOOPS Blog » XOOPS 2.2.5 - cross-site scripting vulnerability

XOOPS-MAGAZINE-COM pimp your xoops Homepage \| Artikel einsenden

« XOOPS, XOOPS Cube, simple-xoops, impressCMS - and now? XOOPS Cube Legacy 2.1.3 RC and german support » XOOPS 2.2.5 - cross-site scripting vulnerability 20. Dezember 2007 Rene Sato (Views: 1524) XOOPS 2.2.5 Risk Level: MEDIUM - Vulnerability can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. Cross-site Scripting Vulnerability: Input passed via the URL to “register.php” in the “/modules/profile” directory isn’t properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Sample Exploit Code: `http://host/xoops/modules/profile/register.php?>'"><script>alert('XSS');</script>` The DigiTrust Group Security 2 Kommentare Kommentar von Rene Sato: 22. Dezember 2007 @ 13:00 XOOPS 2.2.5 Security Fix Release: http://downloads.sourceforge.net/xoops/xoops-2.2.5-security.zip Kommentar von Omer Singer: 27. Dezember 2007 @ 04:03 The original advisory can be found at: http://www.digitrustgroup.com/advisories/web-application-security-xoops.html Einen Kommentar hinterlassen Name (notwendig) Mail (will not be published) (notwendig) Webseite You must read and type the 5 chars within 0..9 and A..F, and submit the form. Oh no, I cannot read this. Please, generate a

XOOPS-MAGAZINE-COM