PT-2008-3554 · Xoops+3 · Xoops+7
Published
2008-04-30
·
Updated
2017-08-08
·
CVE-2008-2035
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Bluemoon, Inc. BackPack versions 0.91 and earlier
Bluemoon, Inc. BmSurvey versions 0.84 and earlier
Bluemoon, Inc. newbb fileup versions 1.83 and earlier
Bluemoon, Inc. News embed (news fileup) versions 1.44 and earlier
Bluemoon, Inc. PopnupBlog versions 3.19 and earlier
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This affects modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS.
Recommendations
For BackPack versions 0.91 and earlier, update to a version later than 0.91.
For BmSurvey versions 0.84 and earlier, update to a version later than 0.84.
For newbb fileup versions 1.83 and earlier, update to a version later than 1.83.
For News embed (news fileup) versions 1.44 and earlier, update to a version later than 1.44.
For PopnupBlog versions 3.19 and earlier, update to a version later than 3.19.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Backpack
Bmsurvey
Impresscms
News Embed
Popnupblog
Xoops
Xoops Cube
Newbb Fileup