4.3

CVE-2005-2338

EPSS 1.3%
Published 27.10.2005 01:02:00
Last modified 03.04.2025 01:03:51
Source cret@cert.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Xoops ≫ Xoops Version <= 2.0.12_jp

Xoops ≫ Xoops Version <= 2.0.13.1

Xoops ≫ Xoops Version <= 2.2.3_rc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.3%	0.778

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://jvn.jp/jp/JVN%2377105349/index.html

http://marc.info/?l=bugtraq&m=113027315412024&w=2

http://secunia.com/advisories/17300

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/346302

US Government Resource

http://www.kb.cert.org/vuls/id/683958

US Government Resource

http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/15195

https://nvd.nist.gov/vuln/detail/CVE-2005-2338

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-2338

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-2338

EUVD