CVE-2004-1640

Name of the Vulnerable Software and Affected Versions XOOPS versions 0.94 through 1.0

Description The issue allows remote attackers to execute arbitrary web script and HTML. This can be achieved via the terme parameter to "search.php" or the letter parameter to "letter.php".

Recommendations For XOOPS versions 0.94 through 1.0, consider disabling the search.php and letter.php scripts until a patch is available. Restrict access to these scripts to minimize the risk of exploitation. Avoid using the terme and letter parameters in the affected API endpoints until the issue is resolved.