Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and previous versions, and DevTracker module 0.20 for E-XooPS 1.0.8 and previous versions, allow remote malicious users to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
e-xoops e-xoops |
||
e-xoops e-xoops 1.05 |
||
bcoos devtracker 0.20 |
||
bcoos devtracker 3.0 |
||
bcoos bcoos |
||
bcoos bcoos 1.0.11 |
||
bcoos bcoos 1.0.10 |
||
bcoos bcoos 1.0.9 |
||
bcoos bcoos 1.0.12 |
||
bcoos bcoos 1.0.13 |