|
|
Family: CGI abuses : XSS --> Category: infos
XOOPS Dictionary Module Cross-Site Scripting Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Searches for the existence of an XSS bug in Xoops
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains PHP scripts that are affected by
cross-site scripting flaws.
Description :
The remote version of Xoops is vulnerable to several cross-site
scripting attacks. A possible hacker can exploit it using the 'terme' and
'letter' parameters of the 'search.php' and 'letter.php' scripts
respectively. This can be used to take advantage of the trust between
a client and server allowing the malicious user to execute malicious
JavaScript on the client's machine.
See also :
http://marc.theaimsgroup.com/?l=bugtraq&m=109394077209963&w=2
Solution :
Unknown at this time.
Risk factor:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
