PT-2002-1288 · Xoops · Xoops

Published: 2002-05-03 · Updated: 2008-09-11 · CVE-2002-0217

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

XOOPS version 1.0 RC1

Description

The issue concerns cross-site scripting (XSS) vulnerabilities in the Private Message System. Remote attackers can execute JavaScript on other web clients via the Title field or a Private Message Box, or via the image field parameter in "pmlite.php".

Recommendations

For XOOPS version 1.0 RC1, consider disabling the Private Message System until a patch is available, to prevent exploitation of the cross-site scripting vulnerabilities. Restrict access to the "pmlite.php" file to minimize the risk of exploitation. Avoid using the image field parameter in "pmlite.php" until the issue is resolved.


Related Identifiers

CVE-2002-0217

Affected Products

Xoops