XOOPS CVE-2017-7944 Cross Site Scripting Vulnerability

XOOPS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

XOOPS Core 2.5.8.1 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 97978
Class: Input Validation Error
CVE: CVE-2017-7944

Remote: Yes
Local: No
Published: Apr 18 2017 12:00AM
Updated: Apr 24 2017 09:08PM
Credit: Nguyen Thanh Nguyen
Vulnerable: Xoops Xoops 2.5.8.1

Not Vulnerable:

Exploit

To exploit this issue the attacker needs to entice a user into following a malicious URI.

References:

XOOPS Core 2.5.8.1 Install DB Cross-Site Scripting (Nguyen Thanh Nguyen)
Xoops Homepage (Xoops)

Source: www.securityfocus.com

Exploit Collector

Search Exploit