CVE-2011-4565

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.

Published: Nov 28, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-4565
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
xoops / xoops	2.3.2b	2.3.2b.x
xoops / xoops	2.4.2	2.4.2.x
xoops / xoops	2.0.2	2.0.2.x
xoops / xoops	2.0.14-rc1	2.0.14-rc1.x
xoops / xoops	2.0.16	2.0.16.x
xoops / xoops	2.0.18.1-rc	2.0.18.1-rc.x
xoops / xoops	2.0.15	2.0.15.x
xoops / xoops	2.3.2a	2.3.2a.x
xoops / xoops	2.0.17.1-rc	2.0.17.1-rc.x
xoops / xoops	2.0.18-rc	2.0.18-rc.x
xoops / xoops	2.5.0	2.5.0.x
xoops / xoops	2.0.18.2	2.0.18.2.x
xoops / xoops	2.0.17.1-rc2	2.0.17.1-rc2.x
xoops / xoops	2.0.18.1	2.0.18.1.x
xoops / xoops	2.4.0	2.4.0.x
xoops / xoops	2.0.13.2	2.0.13.2.x
xoops / xoops	2.3.3b	2.3.3b.x
xoops / xoops	2.4.1	2.4.1.x
xoops / xoops	2.4.4	2.4.4.x
xoops / xoops	2.3.0	2.3.0.x
xoops / xoops	2.4.3	2.4.3.x
xoops / xoops	2.0.14	2.0.14.x
xoops / xoops	-	2.5.1.a.x
xoops / xoops	2.0.17	2.0.17.x
xoops / xoops	2.5.1	2.5.1.x
xoops / xoops	2.3.1	2.3.1.x
xoops / xoops	2.4.5	2.4.5.x
xoops / xoops	2.0.17.1	2.0.17.1.x
xoops / xoops	2.0.18	2.0.18.x
xoops / xoops	2.3.3	2.3.3.x

Vulnerability Database

290,301

CVE-2011-4565