Users login

Create an account »


Users login

Home » Hacking News » Xoops MyTextSanitizer HTML injection vulnerability

Xoops MyTextSanitizer HTML injection vulnerability

by Mario Miri on May 13th, 2003 It has been reported that some versions of Xoops are prone to HTML/script injectin attacks due to insufficient sanitization of user supplied data in MyTextSanitizer script. The HTML/script code injected would be interpreted in web browsers of legitimate users.

Xoops 1.3.5
Xoops 1.3.6
Xoops 1.3.7
Xoops 1.3.8
Xoops 1.3.9
Xoops 2.0
Xoops 2.0.1

Versions 1.3.10 and 2.0.2 address this issue. Users are advised to upgrade.
Xoops 1.3.10 =>
Xoops 2.0.2 =>

Discovered by:
magistrat, [email protected]

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »