CVE-2008-2035

Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

🔗 References (10)

• cve@mitrehttp://jvn.jp/jp/JVN%2331351020/index.html
• cve@mitrehttp://secunia.com/advisories/29993
• cve@mitrehttp://www.bluemooninc.biz/~xoops/modules/news/article.php?storyid=69
• cve@mitrehttp://www.securityfocus.com/bid/28966
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/42072
• af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/jp/JVN%2331351020/index.html
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29993
• af854a3a-2127-422b-91ae-364da2661108http://www.bluemooninc.biz/~xoops/modules/news/article.php?storyid=69
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28966
• af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/42072