CVE-2005-2338

Published: Oct 27, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.

Affected (3)

Products: Xoops: Xoops

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Xoops Xoops	Up to 2.0.12_jp
Xoops Xoops	Up to 2.0.13.1
Xoops Xoops	Up to 2.2.3_rc1

References (14)

http://jvn.jp/jp/JVN%2377105349/index.html

Source: cret@cert.org

http://marc.info/?l=bugtraq&m=113027315412024&w=2

Source: cret@cert.org

http://secunia.com/advisories/17300

Source: cret@cert.org

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/346302

Source: cret@cert.org

US Government Resource

http://www.kb.cert.org/vuls/id/683958

Source: cret@cert.org

US Government Resource

http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html

Source: cret@cert.org

PatchVendor Advisory

http://www.securityfocus.com/bid/15195

Source: cret@cert.org

http://jvn.jp/jp/JVN%2377105349/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=113027315412024&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17300

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/346302

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.kb.cert.org/vuls/id/683958

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/15195

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.