============================================
CVE: CVE-2017-7944
============================================
Credit: Nguyen Thanh Nguyen
============================================
Dates: April 18, 2017
============================================
Vendor: http://xoops.org/
============================================
Product: XOOPS Core
============================================
Versions Affected: 2.5.8.1
============================================
Risk / Severity Rating: Low
============================================
Vulnerability Description and Impact:
Description: XSS occurs in page_dbsettings.php via error message when install db failed due to unescape html output.
Impact: context-dependent, such like force victim to change database name, charset, collation, or make a open redirect to some malicious site.
============================================
Solution: Don’t output what user input, or sanitize it first.
============================================
Pingback: SB17-121: Vulnerability Summary for the Week of April 24, 2017 – sec.uno