Categories

Applications (282)
Blogs (7)
Content Management (190)
Customer Relationship (4)
Discussion Boards (41)
E-Commerce (15)
General Purpose Directories (2)
Image Galleries (21)
Mailing Lists (1)
Tips (3)
Vulnerabilities (393)
Access Bypass (64)
Cross Site Scripting (147)
Denial Of Service (2)
File Inclusion (55)
Information Disclosure (15)
Privilege Escalation (3)
Remote Command Execution (18)
Session Hijacking (2)
SQL Injection (150)
« miniBB XSS and SQL Injection
FluentCMS “sid” SQL Injection »

XOOPS Various Bluemoon inc. Modules XSS

Published by TL Guan May 21st, 2008 in Content Management and Cross Site Scripting.

Application: XOOPS
Affected Version: BackPack version 0.91 and earlier
BmSurvey version 0.84 and earlier
bb_fileup version 1.83 and earlier
News_embed (news_fileup) version 1.44 and earlier
PopnupBlog version 3.19 and earlier
Vendor’s URL: XOOPS Various Bluemoon inc. Modules
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to BackPack version 0.93, BmSurvey version 0.85, newbb_fileup version 1.84, News_embed version 1.45, and PopnupBlog version 3.20.

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional