CVE-2011-4565

Published: Nov 28, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.

Affected (30)

Products: Xoops: Xoops

Xoops

1 product

Xoops

Configuration A

30 vulnerable

Vulnerable Software	Affected Versions
Xoops Xoops	Up to 2.5.1.a
Xoops Xoops	Version 2.0.13.2
Xoops Xoops	Version 2.0.14
Xoops Xoops	Version 2.0.14 rc1
Xoops Xoops	Version 2.0.15
Xoops Xoops	Version 2.0.16
Xoops Xoops	Version 2.0.17.1
Xoops Xoops	Version 2.0.17.1 rc2
Xoops Xoops	Version 2.0.17.1 rc
Xoops Xoops	Version 2.0.17
Xoops Xoops	Version 2.0.18.1
Xoops Xoops	Version 2.0.18.1 rc
Xoops Xoops	Version 2.0.18.2
Xoops Xoops	Version 2.0.18
Xoops Xoops	Version 2.0.18 rc
Xoops Xoops	Version 2.0.2
Xoops Xoops	Version 2.3.0
Xoops Xoops	Version 2.3.1
Xoops Xoops	Version 2.3.2a
Xoops Xoops	Version 2.3.2b
Xoops Xoops	Version 2.3.3
Xoops Xoops	Version 2.3.3b
Xoops Xoops	Version 2.4.0
Xoops Xoops	Version 2.4.1
Xoops Xoops	Version 2.4.2
Xoops Xoops	Version 2.4.3
Xoops Xoops	Version 2.4.4
Xoops Xoops	Version 2.4.5
Xoops Xoops	Version 2.5.0
Xoops Xoops	Version 2.5.1