Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
http://www.osvdb.org/56598 | vdb entry |
http://packetstormsecurity.org/0907-exploits/xoopsceleparquiz-xss.txt | exploit |
http://secunia.com/advisories/35966 | third party advisory vendor advisory |