Menu

Search for hundreds of thousands of exploits

"XOOPS 2.3.3 - 'op' Multiple Cross-Site Scripting Vulnerabilities"

Author

Exploit author

"Sense of Security"

Platform

Exploit platform

php

Release date

Exploit published date

2009-06-30

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
source: https://www.securityfocus.com/bid/35895/info

XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

XOOPS 2.3.3 is vulnerable; other versions may be affected as well. 

http://www.example.com/xoops-2.3.3/htdocs/modules/pm/viewpmsg.php?op='"><script>alert('vulnerable')</script>
http://www.example.com/xoops-2.3.3/htdocs/modules/profile/user.php?"><script>alert('vulnerable')</script>
Release Date Title Type Platform Author
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-12-02 "WordPress Plugin Wp-FileManager 6.8 - RCE" webapps php "Mansoor R"
2020-12-02 "WonderCMS 3.1.3 - Authenticated Remote Code Execution" webapps php zetc0de
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover" webapps php "Mufaddal Masalawala"
2020-12-02 "Simple College Website 1.0 - 'page' Local File Inclusion" webapps php Mosaaed
2020-12-02 "Car Rental Management System 1.0 - SQL Injection / Local File include" webapps php Mosaaed
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution" webapps php zetc0de
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
2020-12-01 "Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS" webapps php yunaranyancat
Release Date Title Type Platform Author
2013-11-12 "Juniper Junos J-Web - Privilege Escalation" webapps php "Sense of Security"
2013-04-08 "Google AD Sync Tool - Exposure of Sensitive Information" local multiple "Sense of Security"
2012-11-30 "SilverStripe CMS 3.0.2 - Multiple Vulnerabilities" webapps php "Sense of Security"
2012-09-05 "Ektron CMS 8.5.0 - Multiple Vulnerabilities" webapps asp "Sense of Security"
2012-08-27 "Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload" webapps asp "Sense of Security"
2012-06-18 "QNAP Turbo NAS 3.6.1 Build 0302T - Multiple Vulnerabilities" webapps hardware "Sense of Security"
2012-03-07 "Iciniti Store - SQL Injection" webapps asp "Sense of Security"
2012-03-05 "Symfony2 - Local File Disclosure" webapps php "Sense of Security"
2012-02-23 "Snom IP Phone - Privilege Escalation" webapps hardware "Sense of Security"
2011-10-17 "WordPress Plugin BackWPUp 2.1.4 - Code Execution" webapps php "Sense of Security"
2011-09-20 "NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery" webapps hardware "Sense of Security"
2011-09-19 "Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities" webapps hardware "Sense of Security"
2011-07-20 "Oracle Sun GlassFish Enterprise Server - Persistent Cross-Site Scripting" webapps jsp "Sense of Security"
2011-06-18 "Cisco Unified Operations Manager 8.5 - '/iptm/logicalTopo.do' Multiple Cross-Site Scripting Vulnerabilities" remote hardware "Sense of Security"
2011-06-18 "Cisco Unified Operations Manager 8.5 - iptm/eventmon Multiple Cross-Site Scripting Vulnerabilities" remote hardware "Sense of Security"
2011-06-18 "Cisco Unified Operations Manager 8.5 - 'iptm/ddv.do?deviceInstanceName' Cross-Site Scripting" remote hardware "Sense of Security"
2011-06-18 "Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities" remote hardware "Sense of Security"
2011-06-18 "Cisco Unified Operations Manager 8.5 - 'iptm/advancedfind.do?extn' Cross-Site Scripting" remote hardware "Sense of Security"
2011-05-20 "PHP Captcha / Securimage 2.0.2 - Authentication Bypass" webapps php "Sense of Security"
2011-05-18 "CiscoWorks Common Services 3.1.1 - Auditing Directory Traversal" webapps java "Sense of Security"
2011-05-18 "CiscoWorks Common Services Framework 3.1.1 Help Servlet - Cross-Site Scripting" remote hardware "Sense of Security"
2011-05-18 "Cisco Unified Operations Manager - Multiple Vulnerabilities" remote windows "Sense of Security"
2011-05-18 "Cisco Unified Operations Manager 8.5 - Common Services Device Center Cross-Site Scripting" remote hardware "Sense of Security"
2011-04-15 "cPassMan 1.82 - Arbitrary File Download" webapps php "Sense of Security"
2011-03-28 "WordPress Plugin BackWPup - Remote Code Execution / Local Code Execution" webapps php "Sense of Security"
2010-12-20 "Elcom CommunityManager.NET - Authentication Bypass" webapps asp "Sense of Security"
2009-08-12 "Plume CMS 1.2.3 - Multiple SQL Injections" webapps php "Sense of Security"
2009-06-30 "XOOPS 2.3.3 - 'op' Multiple Cross-Site Scripting Vulnerabilities" webapps php "Sense of Security" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected