1. CVE-Search
  2. CVE-2005-2112
ID CVE-2005-2112
Summary Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.
References
Vulnerable Configurations
  • cpe:2.3:a:xoops:xoops:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:xoops:xoops:2.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:2.0.11:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 18-10-2016 - 03:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bugtraq 20050629 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
confirm http://www.xoops.org/modules/news/article.php?storyid=2383
misc http://www.gulftech.org/?node=research&article_id=00086-06292005
secunia 15843
Last major update 18-10-2016 - 03:25
Published 05-07-2005 - 04:00
Last modified 18-10-2016 - 03:25
Back to Top