Bug 97522

Summary: www-apps/xoops: Cross-Site Scripting and SQL Injection Vulnerabilities
Product: Gentoo Security Reporter: Jean-François Brunette (RETIRED) <formula7>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: ka0ttic
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/15843/
Whiteboard: ~3 [noglsa] formula7
Package list:
Runtime testing required: ---

Description Jean-François Brunette (RETIRED) gentoo-dev 2005-06-30 11:35:29 UTC
Description:
James Bercegay has reported some vulnerabilities in Xoops, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the "order" parameter in "edit.php" and the "cid" parameter in "comment_edit.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) Some input passed via the XML-RPC interface isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities have been reported in version 2.0.11 and prior.

Solution:
Update to version 2.0.12a.
http://www.xoops.org/modules/core/

Provided and/or discovered by:
James Bercegay, GulfTech Security Research Team

Original Advisory:
http://www.gulftech.org/?node=research&article_id=00086-06292005
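An added illustration, not XOOPS code or part of the advisory: constructed PHP showing the unsanitised pattern the advisory describes for the "order" and "cid" parameters beside hardened handling (allow-list, type validation, output encoding, and a parameterised query for values arriving via XML-RPC). The meaning of the parameters, the table and the column names are assumptions.

```php
<?php
// Constructed example (not XOOPS code). Assumptions: "order" is a sort
// direction, "cid" is a numeric comment id, and the table/columns are invented.

// 1) Reflected XSS: a request value written back into HTML unchanged.
function render_order_vulnerable(array $get): string
{
    // Unsanitised: markup in $get['order'] reaches the browser as markup.
    return '<input name="order" value="' . ($get['order'] ?? '') . '">';
}

function render_order_hardened(array $get): string
{
    // Allow-list first, because the legal values are known in advance ...
    $allowed = ['ASC', 'DESC'];
    $order = strtoupper((string)($get['order'] ?? 'ASC'));
    if (!in_array($order, $allowed, true)) {
        $order = 'ASC';
    }
    // ... and still encode on output so every later use of $order is safe.
    return '<input name="order" value="'
        . htmlspecialchars($order, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '">';
}

function comment_id_hardened(array $get): int
{
    // A comment id is an integer: validate the type rather than escaping text.
    $cid = filter_var($get['cid'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    return $cid === false ? 0 : $cid;
}

// 2) SQL injection: an untrusted value concatenated into the query text.
function comment_query_vulnerable(string $cid): string
{
    // The value becomes part of the SQL grammar, not just a compared literal.
    return "SELECT com_id, com_text FROM comments WHERE com_id = $cid";
}

// Hardened variant for a value decoded from an XML-RPC request ($params is
// whatever xmlrpc_decode_request() produced; every element is untrusted).
function comment_query_hardened(PDO $db, array $params): array
{
    $cid = comment_id_hardened(['cid' => $params[0] ?? null]);
    if ($cid === 0) {
        return [];                       // reject instead of guessing
    }
    // Parameterised statement: the bound value can never change the query shape.
    $stmt = $db->prepare('SELECT com_id, com_text FROM comments WHERE com_id = :cid');
    $stmt->execute([':cid' => $cid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

The same two measures, validate to the expected type or allow-list on input and encode or parameterise on output, are what the 2.0.12a fix is expected to deliver for the paths named in the advisory.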
Comment 1 Jean-François Brunette (RETIRED) gentoo-dev 2005-06-30 11:41:03 UTC
ka0ttic please bump
Comment 2 Aaron Walker (RETIRED) gentoo-dev 2005-06-30 12:10:54 UTC
in cvs.
Comment 3 Jean-François Brunette (RETIRED) gentoo-dev 2005-06-30 15:00:03 UTC
Thanks Aaron. Closing without GLSA.
Comment 4 Jean-François Brunette (RETIRED) gentoo-dev 2005-07-01 04:45:56 UTC
Sorry, forgot to set it FIXED.