Vulnerabilities > Xoops > Xoops > 2.4.3

DATE CVE VULNERABILITY TITLE RISK
2011-11-28 CVE-2011-4565 Cross-Site Scripting vulnerability in Xoops
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message).
network
xoops CWE-79
4.3
4.3