XOOPS <= 1.0 Dictionary Module Multiple Scripts XSS

medium Nessus Plugin ID 14614

Synopsis

The remote web server contains PHP scripts that are affected by cross-site scripting flaws.

Description

The remote version of XOOPS is vulnerable to several cross-site scripting attacks. An attacker can exploit them through the 'terme' parameter of the 'search.php' script and the 'letter' parameter of the 'letter.php' script. This takes advantage of the trust between a client and the server, allowing the attacker to execute malicious JavaScript on the client's machine.

Solution

Unknown at this time.

See Also

https://marc.info/?l=bugtraq&m=109394077209963&w=2

Plugin Details

Severity: Medium

ID: 14614

File Name: xoops_dictionary_xss.nasl

Version: 1.23

Type: remote

Published: 9/1/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: www/xoops

Exploit Ease: No exploit is required

Vulnerability Publication Date: 8/28/2004

Reference Information

CVE: CVE-2004-1640

BID: 11064

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990