CVE-2009-2783

Name of the Vulnerable Software and Affected Versions XOOPS version 2.3.3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the op parameter to "modules/pm/viewpmsg.php" and the query string to "modules/profile/user.php".

Recommendations For XOOPS version 2.3.3, as a temporary workaround, consider restricting access to the vulnerable modules, specifically "modules/pm/viewpmsg.php" and "modules/profile/user.php", until a patch is available. Avoid using the op parameter in "modules/pm/viewpmsg.php" and the query string in "modules/profile/user.php" to minimize the risk of exploitation.