Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xoops vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2009-4714
Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.
Alexandre Amaral Xoops Celepar 1.0.1
1 EDB exploit
4.3
CVSSv2
CVE-2009-4713
Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote malicious users to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to ...
Alexandre Amaral Xoops Celepar 1.0.1
1 EDB exploit
7.5
CVSSv2
CVE-2007-1846
SQL injection vulnerability in index.php in the MyAds 2.04jp and previous versions module for Xoops allows remote malicious users to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.
Xoops Malaika System Myads Module
1 EDB exploit
6.8
CVSSv2
CVE-2007-3220
PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote malicious users to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656.
Xoops Cjay Content Module 3
1 EDB exploit
7.5
CVSSv2
CVE-2008-0936
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote malicious users to execute arbitrary SQL commands via the cid parameter in a view action.
Xoops Prayer List Module 1.04
1 EDB exploit
7.5
CVSSv2
CVE-2007-2370
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and previous versions module for XOOPS allows remote malicious users to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.
Xoops John Mordo Jobs Module
1 EDB exploit
6.8
CVSSv2
CVE-2008-0937
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote malicious users to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.
Tinyevent Tinyevent 1.01
Xoops Tiny Event Module 1.01
1 EDB exploit
7.5
CVSSv2
CVE-2007-5115
Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Contenido 42VariablVersion (42VV10) in contenido_hacks in Mods 4 Xoops Contenido eZ publish (pdf4cms) allow remote malicious users to execute arbitrary PHP code via a URL in the cfgPathInc parameter to (1) main_upl...
Ekke Doerre Mods 4 Xoops Contenido Ez Publish
7.5
CVSSv2
CVE-2005-0725
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote malicious users to execute arbitrary SQL commands via the articleid parameter to article.php.
Wf-sections Wf-sections 1.07
3 EDB exploits
NA
CVE-2012-09841
XOOPS version 2.5.4 suffers from multiple cross site scripting vulnerabilities.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »