XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php.
References
Link | Resource |
---|---|
https://tsublogs.wordpress.com/2017/04/24/xoops-core-2-5-8-1-install-db-cross-site-scripting/ | Third Party Advisory |
http://www.securityfocus.com/bid/97978 | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2017-04-24 03:59
Updated : 2017-04-27 11:53
NVD link : CVE-2017-7944
Mitre link : CVE-2017-7944
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
xoops
- xoops