Nagl Dictionary Module for XOOPS XSS

low Nessus Network Monitor Plugin ID 2187

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is running Nagl Dictionary, a XOOPS module. XOOPS is a web portal application written in PHP. The running version is reported vulnerable to a cross-site scripting issue. An attacker may steal cookie-based authentication credentials from a legitimate user by sending the user malformed links to this web site.

Solution

No solution is known at this time.

Plugin Details

Severity: Low

ID: 2187

Family: CGI

Published: 8/31/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:xoops:xoops_dictionary

Reference Information

CVE: CVE-2004-1640

BID: 11064

Detections

Analytics

Nagl Dictionary Module for XOOPS XSS

low Nessus Network Monitor Plugin ID 2187

Synopsis

Description

Solution

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information