CVE-2005-2338 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier XOOPS 2.0.13.1 and earlier and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use \XOOPS Code\ and (2) newbb in the forum module.

Reference

http://jvn.jp/jp/JVN2377105349/index.html http://marc.info/?l=bugtraq&m=113027315412024&w=2 http://secunia.com/advisories/17300 http://www.kb.cert.org/vuls/id/346302 http://www.kb.cert.org/vuls/id/683958 http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html http://www.securityfocus.com/bid/15195