Vulnerabilities > CVE-2005-2112 - Cross-Site Scripting vulnerability in Xoops

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

xoops

nessus

exploit available

NVD

Published: 2005-07-05

Updated: 2016-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.

Vulnerable Configurations

Part	Description	Count
Application	Xoops Xoops Xoops 2.0 Xoops Xoops 2.0.1 Xoops Xoops 2.0.2 Xoops Xoops 2.0.3 Xoops Xoops 2.0.4 Xoops Xoops 2.0.5 Xoops Xoops 2.0.5.1 Xoops Xoops 2.0.5.2 Xoops Xoops 2.0.6 Xoops Xoops 2.0.7 Xoops Xoops 2.0.9 Xoops Xoops 2.0.9.2 Xoops Xoops 2.0.9.3 Xoops Xoops 2.0.10 Xoops Xoops 2.0.11	15

Exploit-Db

description	XOOPS < 2.0.11 - Multiple Vulnerabilities. CVE-2005-2112,CVE-2005-2113. Webapps exploit for PHP platform
id	EDB-ID:43827
last seen	2018-01-24
modified	2015-06-29
published	2015-06-29
reporter	Exploit-DB
source	https://www.exploit-db.com/download/43827/
title	XOOPS < 2.0.11 - Multiple Vulnerabilities

Nessus

NASL family	CGI abuses
NASL id	XOOPS_2012.NASL
description	The installed version of XOOPS on the remote host is affected by several vulnerabilities : - A SQL Injection Vulnerability The bundled XMLRPC server fails to sanitize user- supplied input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	18614
published	2005-07-05
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18614
title	XOOPS < 2.0.12 Multiple Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References