• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Bluemoon inc. Modules for XOOPS Unspecified Cross Site Scripting Vulnerabilities

Multiple Bluemoon inc. modules for XOOPS are prone to unspecified cross-site scripting vulnerabilities because the applications fail to sufficiently sanitize user-supplied data.

An attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect the following Bluemoon inc. modules for XOOPS:

BackPack 0.91 and earlier
BmSurvey 0.84 and earlier
newbb_fileup 1.83 and earlier
News_embed (news_fileup) 1.44 and earlier
PopnupBlog 3.19 and earlier