Fork me on GitHub

Search

Donat-O-Meter

Make donations with PayPal!
Stats
Goal: $100.00
Due Date: Oct 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00

Learn XOOPS Core

Local Support

Advertisement

XOOPS Code hosted on SourceForge

Cumulus Tag Cloud

- 2 2.5 2.6 3.0 4 6 2013 Abuse Android AntiHarvesting AntiMalUser AntiSpam API Apple Battlefield Blocks Bootstrap Captcha cell chronolabs content CĂN demo download Dresses facebook Fat Food for free Gateway Google Guide herre Home Honeypot HP html5 Human HỘ IP iPhone jQuery Law Legal List Loss mobile module modules Monster new newbb news NHÀ online PARK Payment phone PHP Prevention profile project Protector publisher Rapid RESIDENCE responsive review Rights rmcommon Room security Sentry site Smartphone Smarty Solution Spam stem Studio support tag tags tdmcreate The Theme themes User userlog web weight Wishcraft xoops Xortify XPayment ZendFramework

New Users

Registering user

# 137852

cricket21

Welcome to XOOPS!




Bottom   Previous Topic   Next Topic  |  Register To Post



#1 Posted on: 2006/1/9 21:10 Xoops Pool Module IMG Tag HTML Injection Vulnerability
Xoops Pool Module IMG Tag HTML Injection Vulnerability

The XOOPS Pool Module is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

http://www.securityfocus.com/bid/16189/info

-------

I see this report in securityfocus.com, somebody know about this ?

sorry my english is bad

Top

tuxsoul
Joined:
2006/1/9 20:58
From Morelos
Group:
Registered Users
Posts: 13
(Show More) (Show Less)


#2 Posted on: 2006/1/9 21:25 Re: Xoops Pool Module IMG Tag HTML Injection Vulnerability
never heard of Pool Module myself..

Top

m0nty
Joined:
2003/10/24 18:30
From Derbyshire/UK
Group:
BANNED Users
Posts: 3324
(Show More) (Show Less)


#3 Posted on: 2006/1/9 21:37 Re: Xoops Pool Module IMG Tag HTML Injection Vulnerability
Quote:

m0nty wrote:
never heard of Pool Module myself..


I'm new using xoops, searching for this module, don't exist, but maybe to refer a poll module ???

sorry my english is bad

Top

tuxsoul
Joined:
2006/1/9 20:58
From Morelos
Group:
Registered Users
Posts: 13
(Show More) (Show Less)







You can view topic.
You cannot start a new topic.
You cannot reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You can vote in polls.
You cannot attach files to posts.
You cannot post without approval.
You cannot use topic type.
You cannot use HTML syntax.
You cannot use signature.
You cannot create pdf.
You cannot get print page.

[Advanced Search]