{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-10-25T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use \"XOOPS Code\" and (2) newbb in the forum module."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01.000Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "17300", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17300"}, {"tags": ["x_refsource_MISC"], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html"}, {"name": "JVN#77105349", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/jp/JVN%2377105349/index.html"}, {"name": "15195", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15195"}, {"name": "20051025 [SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=113027315412024&w=2"}, {"name": "VU#346302", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/346302"}, {"name": "VU#683958", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/683958"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2005-2338", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use \"XOOPS Code\" and (2) newbb in the forum module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17300", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17300"}, {"name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html"}, {"name": "JVN#77105349", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2377105349/index.html"}, {"name": "15195", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15195"}, {"name": "20051025 [SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=113027315412024&w=2"}, {"name": "VU#346302", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/346302"}, {"name": "VU#683958", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/683958"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:22:49.037Z"}, "title": "CVE Program Container", "references": [{"name": "17300", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17300"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html"}, {"name": "JVN#77105349", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/jp/JVN%2377105349/index.html"}, {"name": "15195", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15195"}, {"name": "20051025 [SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=113027315412024&w=2"}, {"name": "VU#346302", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/346302"}, {"name": "VU#683958", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/683958"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2005-2338", "datePublished": "2005-10-26T04:00:00.000Z", "dateReserved": "2005-07-21T00:00:00.000Z", "dateUpdated": "2024-08-07T22:22:49.037Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C02065E-81F9-481B-9281-0BDCCA45A1AF", "versionEndIncluding": "2.0.12_jp", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*", "matchCriteriaId": "06420D72-2A5F-4044-8DA7-7D7261CF16B1", "versionEndIncluding": "2.0.13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C48026D-6730-4C27-9B0C-279797D8156C", "versionEndIncluding": "2.2.3_rc1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use \"XOOPS Code\" and (2) newbb in the forum module."}], "id": "CVE-2005-2338", "lastModified": "2026-04-16T00:27:16.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-10-27T01:02:00.000", "references": [{"source": "cret@cert.org", "url": "http://jvn.jp/jp/JVN%2377105349/index.html"}, {"source": "cret@cert.org", "url": "http://marc.info/?l=bugtraq&m=113027315412024&w=2"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17300"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/346302"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/683958"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/15195"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/jp/JVN%2377105349/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=113027315412024&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17300"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/346302"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/683958"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15195"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}