Home  >  CVE-2005-2338
CVE Details for CVE: CVE-2005-2338
Summary
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.
Timestamps
Last major update 18-10-2016 - 03:26
Published 27-10-2005 - 01:02
Last modified 18-10-2016 - 03:26
References
Vulnerable Configurations
  • cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*
    cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
NVD-CWE-Other
CVSS
Base
4.3
Impact
2.9
Exploitability
8.6
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
CVSS3
None
VIA4 references
cvss-vector via4
AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 15195
bugtraq 20051025 [SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities
cert-vn
  • VU#346302
  • VU#683958
jvn JVN#77105349
misc http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html
secunia 17300