CVE-2002-2386

Name of the Vulnerable Software and Affected Versions XOOPS version 1.0

Description A cross-site scripting (XSS) issue exists in the Quizz module, allowing remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag when on-line question development is enabled.

Recommendations For XOOPS version 1.0, as a temporary workaround, consider disabling the Quizz module until a patch is available. Restrict access to the Quizz module to minimize the risk of exploitation. Avoid using the SRC attribute of an IMG tag with javascript: URLs in the Quizz module until the issue is resolved.