Tuxsoul

**Name of the Vulnerable Software and Affected Versions** XOOPS (affected versions not specified) **Description** The issue concerns a cross-site scripting (XSS) vulnerability in a certain module, possibly 'poll' or 'Pool', which allows remote attackers to inject arbitrary web script or HTML via JavaScript in the `SRC` attribute of an `IMG` element in a comment. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.