|
Xoops Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA17300
|
|
|
Release Date:
|
2005-10-25
|
|
Last Update:
|
2005-11-08
|
|
Popularity:
|
8,331 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Xoops 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Some vulnerabilities have been reported in Xoops, which can be exploited by malicious people to conduct script insertion attacks, cause a DoS (Denial of Service), and to bypass certain security restrictions.
1) Input passed to certain "XOOPS Code" tags isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain input passed to the "newbb" forum module and to the comments system isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session when the user views a submitted forum message.
3) Input passed to the "usersEmail" parameter in the "contact" module isn't properly sanitised before being used as email-address. This can be exploited to inject custom headers into e-mails that are sent from Xoops by inserting newline characters in the mail address.
4) An input validation error in handling image upload can potentially be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site by uploading a file with a valid image file extension but containing embedded HTML and script code.
Success exploitation requires that image upload is enabled and that the malicious file is accessed directly using the Internet Explorer browser.
Vulnerabilities #1, #2, #3 and #4 have been reported in the following versions:
* Xoops 2.0.12 JP and prior.
* Xoops 2.0.13.1 and prior.
* Xoops 2.2.3 RC1 and prior.
5) A vulnerability in PHPMailer can be exploited by malicious people to cause a DoS (Denial of Service).
For more information:
SA15543
The vulnerability has been reported in the following versions:
* Xoops 2.0.10-JP RC2 and prior.
* Xoops 2.0.13.1 and prior.
* Xoops 2.2.0.
Solution:
Update to the fixed versions.
Xoops 2.0.12 JP and prior:
Update to version 2.0.13a JP. (Note: Version 2.0.13 JP is reportedly missing a fix).
Xoops 2.0.x:
Update to version 2.0.13.2.
Xoops 2.2.x
Update to version 2.2.3.
Provided and/or discovered by:
1-2) Keigo Yamazaki, Little eArth Corporation (LAC).
Changelog:
2005-11-08: Updated "Solution Status", "Description" and "Solution" sections.
Original Advisory:
Little eArth Corporation (LAC):
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html
Other References:
SA15543:
http://secunia.com/advisories/15543/
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
Today
|
New advisories:
|
5 |
|
New vulnerabilities:
|
6 |
|
Updated advisories:
|
9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5th Sep, 2008
|
New advisories:
|
14 |
|
New vulnerabilities:
|
18 |
|
Updated advisories:
|
22 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
