CVE-2005-2112

XOOPS <= 2.0.11 - Cross-Site Scripting via Order or CID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2112. PoCs published by GulfTech Security.

AI-analyzed exploit summary: This is a detailed technical writeup describing SQL injection and XSS vulnerabilities in XOOPS CMS. It includes root cause analysis, affected functions, and proof-of-concept examples for exploitation.

Description

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.

Exploits (1)

exploitdb WRITEUP
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/43827

Classification: Writeup 95%
Attack Type: SQLi | XSS
Complexity: Moderate
Reliability: Reliable
Target: XOOPS <= 2.0.11
No auth needed
Prerequisites: XOOPS installation with XMLRPC enabled · Network access to the target
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112006318512991&w=2
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00086-06292005
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15843

Scores

EPSS 0.0174
EPSS Percentile 74.7%

Details

Status published
Products (15)
xoops/xoops 2.0
xoops/xoops 2.0.1
xoops/xoops 2.0.2
xoops/xoops 2.0.3
xoops/xoops 2.0.4
xoops/xoops 2.0.5
xoops/xoops 2.0.5.1
xoops/xoops 2.0.5.2
xoops/xoops 2.0.6
xoops/xoops 2.0.7
... and 5 more
Published Jul 05, 2005
Tracked Since Feb 18, 2026