CVE-2004-1640 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php.

Reference

http://cyruxnet.org/modulo_dic_xoops.htm http://marc.info/?l=bugtraq&m=109394077209963&w=2 http://secunia.com/advisories/12424 http://www.osvdb.org/9393 http://www.osvdb.org/9394 http://www.securityfocus.com/bid/11064 https://exchange.xforce.ibmcloud.com/vulnerabilities/17152 https://exchange.xforce.ibmcloud.com/vulnerabilities/17154