PT-2008-3554 · Xoops+3 · Xoops+7
Publicado
2008-04-30
·
Atualizado
2017-08-08
·
CVE-2008-2035
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Bluemoon, Inc. BackPack versions 0.91 and earlier
Bluemoon, Inc. BmSurvey versions 0.84 and earlier
Bluemoon, Inc. newbb fileup versions 1.83 and earlier
Bluemoon, Inc. News embed (news fileup) versions 1.44 and earlier
Bluemoon, Inc. PopnupBlog versions 3.19 and earlier
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This affects modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS.
Recommendations
For BackPack versions 0.91 and earlier, update to a version later than 0.91.
For BmSurvey versions 0.84 and earlier, update to a version later than 0.84.
For newbb fileup versions 1.83 and earlier, update to a version later than 1.83.
For News embed (news fileup) versions 1.44 and earlier, update to a version later than 1.44.
For PopnupBlog versions 3.19 and earlier, update to a version later than 3.19.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Backpack
Bmsurvey
Impresscms
News Embed
Popnupblog
Xoops
Xoops Cube
Newbb Fileup