CVE-2003-1453
XOOPS 1.3.5-1.3.9 and 2.0-2.0.1 - Cross-Site Scripting via IMG Tag
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-1453. PoCs published by magistrat.
AI-analyzed exploit summary The exploit describes an HTML injection vulnerability in Xoops due to insufficient filtering by the MyTextSanitizer script. It allows arbitrary HTML or script code execution within a user's browser via embedded script code in HTML <img> tags.
Description
Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag.
Exploits (1)
The exploit describes an HTML injection vulnerability in Xoops due to insufficient filtering by the MyTextSanitizer script. It allows arbitrary HTML or script code execution within a user's browser via embedded script code in HTML <img> tags.