alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB_SPECIFIC Possible XOOPS Viewpmesg.php Cross Site Scripting Attack"; flow:to_server,established; uricontent:"/modules/pm/viewpmsg.php"; nocase; uricontent:"