Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 up to and including 1.3.9 and XOOPS 2.0 up to and including 2.0.1 allows remote malicious users to inject arbitrary web script or HTML via a javascript: URL in an IMG tag.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xoops xoops 2.0.1 |
||
xoops xoops 1.3.9 |
||
xoops xoops 2.0 |
||
xoops xoops 1.3.5 |
||
xoops xoops 1.3.6 |
||
xoops xoops 1.3.7 |
||
xoops xoops 1.3.8 |