CVE-2009-4713

Name of the Vulnerable Software and Affected Versions XOOPS Celepar Qas module (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the cod categoria parameter to "categoria.php", the opcao parameter to "index.php", and the PATH INFO to both "categoria.php" and "index.php".

Recommendations For the XOOPS Celepar Qas module, consider disabling the categoria.php and index.php scripts until a patch is available. Restrict access to the cod categoria and opcao parameters in the affected scripts to minimize the risk of exploitation. Avoid using the PATH INFO to "categoria.php" and "index.php" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.