Fork me on GitHub

Search

Donat-O-Meter

Make donations with PayPal!
Stats
Goal: $100.00
Due Date: Apr 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00

Learn XOOPS Core

Local Support

Advertisement

XOOPS Code hosted on SourceForge

Cumulus Tag Cloud

- 2 2.5 2.6 4 6 Abuse admin Android AntiHarvesting AntiSpam API Apple Battlefield Blocks Bootstrap Captcha cell chronolabs Cloud content CĂN demo Digitally download Dresses facebook Fat floor for free Gateway Google Guide herre Home Honeypot HP html5 Human HỘ IP iPhone jQuery Language Law Legal List Loss module modules Monster new newbb news NHÀ online PARK Payment phone PHP Prevention profile project Protector publisher Rapid RESIDENCE responsive review Rights rmcommon Room security Sentry Signed site Smartphone Smarty Solution Spam stem Studio support tag tags tdmcreate The Theme themes User userlog web weight xoops Xortify XPayment ZendFramework

New Users

Registering user

# 138253

natalka

Welcome to XOOPS!




Bottom   Previous Topic   Next Topic  |  Register To Post



#1 Posted on: 2006/1/9 21:10 Xoops Pool Module IMG Tag HTML Injection Vulnerability
Xoops Pool Module IMG Tag HTML Injection Vulnerability

The XOOPS Pool Module is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

http://www.securityfocus.com/bid/16189/info

-------

I see this report in securityfocus.com, somebody know about this ?

sorry my english is bad

Top

tuxsoul
Joined:
2006/1/9 20:58
From Morelos
Group:
Registered Users
Posts: 13
(Show More) (Show Less)


#2 Posted on: 2006/1/9 21:25 Re: Xoops Pool Module IMG Tag HTML Injection Vulnerability
never heard of Pool Module myself..

Top

m0nty
Joined:
2003/10/24 18:30
From Derbyshire/UK
Group:
BANNED Users
Posts: 3324
(Show More) (Show Less)


#3 Posted on: 2006/1/9 21:37 Re: Xoops Pool Module IMG Tag HTML Injection Vulnerability
Quote:

m0nty wrote:
never heard of Pool Module myself..


I'm new using xoops, searching for this module, don't exist, but maybe to refer a poll module ???

sorry my english is bad

Top

tuxsoul
Joined:
2006/1/9 20:58
From Morelos
Group:
Registered Users
Posts: 13
(Show More) (Show Less)







You can view topic.
You cannot start a new topic.
You cannot reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You can vote in polls.
You cannot attach files to posts.
You cannot post without approval.
You cannot use topic type.
You cannot use HTML syntax.
You cannot use signature.
You cannot create pdf.
You cannot get print page.

[Advanced Search]