Filtered by vendor Xoops
Subscribe
Total
101 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1976 | 1 Xoops | 1 Xoops Virii Info Module | 2024-05-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack | |||||
| CVE-2009-2783 | 1 Xoops | 1 Xoops | 2024-02-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php. | |||||
| CVE-2006-5810 | 1 Xoops | 1 Xoops | 2024-02-14 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter. | |||||
| CVE-2023-36217 | 1 Xoops | 1 Xoops | 2023-08-08 | N/A | 9.0 CRITICAL |
| Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. | |||||
| CVE-2019-16684 | 1 Xoops | 1 Xoops | 2019-10-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes. | |||||
| CVE-2019-16683 | 1 Xoops | 1 Xoops | 2019-10-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes. | |||||
| CVE-2006-0198 | 1 Xoops | 1 Xoops Pool Module | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. | |||||
| CVE-2006-3363 | 1 Xoops | 1 Xoops Glossaire Module | 2018-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter. | |||||
| CVE-2006-2516 | 1 Xoops | 1 Xoops | 2018-10-18 | 5.1 MEDIUM | N/A |
| mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | |||||
| CVE-2006-5532 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-4417 | 1 Xoops | 1 Xoops | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter. | |||||
| CVE-2007-3311 | 1 Xoops | 1 Articles Module | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1974 | 2 Wf-sections, Xoops | 3 Wf-sections, Happy Linux Xfsection Module, Zmagazine Module | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php. | |||||
| CVE-2007-1838 | 1 Xoops | 1 Friendfinder Module | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0377 | 1 Xoops | 1 Xoops | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors. | |||||
| CVE-2008-0874 | 1 Xoops | 1 Eempregos Module | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
| CVE-2008-0847 | 1 Xoops | 1 Mytopics | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||||
| CVE-2008-0613 | 1 Xoops | 1 Xoops | 2018-10-15 | 5.0 MEDIUM | N/A |
| Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. | |||||
| CVE-2008-0612 | 1 Xoops | 1 Xoops | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-5978 | 1 Xoops | 1 Mylinks Module | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||