Fork me on GitHub

Search

Donat-O-Meter

Make donations with PayPal!
Stats
Goal: $100.00
Due Date: Jul 31
Gross Amount: $15.00
Net Balance: $14.11
Left to go: $85.89

Donations
GPboarder  ($15)Jul-13

Learn XOOPS Core

Local Support

Advertisement

XOOPS Code hosted on SourceForge

Cumulus Tag Cloud

- 2 2.5 2.6 3.0 4 6 2013 Abuse admin Android AntiHarvesting AntiMalUser AntiSpam API Apple Battlefield Blocks Bootstrap By Captcha cell chronolabs CHUNG Cloud content CĂN demo Digitally download Dresses facebook Fat Food for free Gateway Google Guide herre Honeypot HP Human HỘ IP iPhone jQuery Language Law Legal List Loss mobile module modules Monster new newbb news NHÀ online PARK Payment phone PHP Prevention profile project Protector publisher RESIDENCE responsive review Rights rmcommon security Sentry Signed Signup site Smartphone Smarty Solution Spam Studio tag tags tdmcreate The Theme themes userlog web weight Wishcraft xoops Xortify XPayment

New Users

Registering user

# 138253

natalka

Welcome to XOOPS!




Bottom   Previous Topic   Next Topic  |  Register To Post



#1 Posted on: 2006/1/9 21:10 Xoops Pool Module IMG Tag HTML Injection Vulnerability
Xoops Pool Module IMG Tag HTML Injection Vulnerability

The XOOPS Pool Module is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

http://www.securityfocus.com/bid/16189/info

-------

I see this report in securityfocus.com, somebody know about this ?

sorry my english is bad

Top

tuxsoul
Joined:
2006/1/9 20:58
From Morelos
Group:
Registered Users
Posts: 13
(Show More) (Show Less)


#2 Posted on: 2006/1/9 21:25 Re: Xoops Pool Module IMG Tag HTML Injection Vulnerability
never heard of Pool Module myself..

Top

m0nty
Joined:
2003/10/24 18:30
From Derbyshire/UK
Group:
BANNED Users
Posts: 3324
(Show More) (Show Less)


#3 Posted on: 2006/1/9 21:37 Re: Xoops Pool Module IMG Tag HTML Injection Vulnerability
Quote:

m0nty wrote:
never heard of Pool Module myself..


I'm new using xoops, searching for this module, don't exist, but maybe to refer a poll module ???

sorry my english is bad

Top

tuxsoul
Joined:
2006/1/9 20:58
From Morelos
Group:
Registered Users
Posts: 13
(Show More) (Show Less)







You can view topic.
You cannot start a new topic.
You cannot reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You can vote in polls.
You cannot attach files to posts.
You cannot post without approval.
You cannot use topic type.
You cannot use HTML syntax.
You cannot use signature.
You cannot create pdf.
You cannot get print page.

[Advanced Search]