Unrated severityNVD Advisory· Published Nov 28, 2011· Updated Apr 29, 2026
CVE-2011-4565
CVE-2011-4565
Description
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.
Affected products
30cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*range: <=2.5.1.a
- cpe:2.3:a:xoops:xoops:2.0.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.14:rc1:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.17.1:rc:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.17.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.18.1:rc:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.18:rc:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.3.2a:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.3.2b:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.3.3b:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.5.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.htbridge.ch/advisory/multiple_xss_in_xoops_web_application_platform.htmlnvdExploit
- secunia.com/advisories/46238nvdVendor Advisory
- www.securityfocus.com/bid/49995nvd
- xoops.org/modules/news/article.phpnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/70377nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/70378nvd
News mentions
0No linked articles in our index yet.