31 Jul Security Advisory – SOS-09-005 – XOOPS Multiple Cross-Site Scripting Vulnerabilities
Release Date: 31-Jul-2009
Last Update: –
Vendor Notification Date: 15-Jun-2009
Affected versions: 2.3.3 (verified), possibly others
Severity Rating: Medium
Impact: Cookie/credential theft, impersonation, loss of
Attack Vector: Remote
Solution Status: Vendor patch
CVE reference: Not yet assigned
Please refer to the PDF version of this advisory for proof of concept code examples.
Sense of Security Labs.