VYPR
Unrated severityNVD Advisory· Published Sep 11, 2014· Updated Jun 16, 2026

CVE-2012-0984

CVE-2012-0984

Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • XOOPS/Xoops7 versions
    cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*range: <=2.5.4
    • cpe:2.3:a:xoops:xoops:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.5.2:rc:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.5.3:*:*:*:*:*:*:*
    • (no CPE)range: <2.5.5

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.