Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 72.3%