anyone else having problems with users receiving realtime virsu scan errors when accessing your XOOPS website for the MHTMLRedir.Exploit virus? I've seen users of Nuke who have somehow had this virus dropped into the footers or headers of their database files. I'm seeing it on my site too, but haven't been able to find it.

Anyone have ideas? This is from "CastleCops"

Secunia

Secunia Highlights:
Internet Explorer URL Spoofing Vulnerability
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.
rsync File Handling Integer Overflow Vulnerability
A vulnerability has been identified in rsync, which can be exploited by malicious people to compromise a vulnerable system.

Latest 15 Secunia Security Advisories:
2003-12-22
- mvdsv Download Function Buffer Overflow Vulnerability

- Dada Mail Non-Random Verification PIN

- Xoops URL Parameter Cross Site Scripting Vulnerability and XOOPS Input Filtering Flaw in Weblinks 'myheader.php' Permits Cross-Site Scripting Attacks

Chintan Trivedi from Eye On Security Research Group India reported an input validation vulnerability in the XOOPS weblinks module. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

as you can tell by the date, that vulnerability is fairly old and was patched in XOOPS 2.0.5.2

taken from the changelog from that release:
Quote: