Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xoops vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-36217
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote malicious user to execute arbitrary code via the category name field of the image manager function.
Xoops Xoops 2.5.10
6.8
CVSSv2
CVE-2006-5810
Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote malicious users to inject arbitrary web script or HTML via the newdownloadshowdays parameter.
Xoops Xoops 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-0612
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Xoops Xoops 2.0.18
1 EDB exploit
6.8
CVSSv2
CVE-2008-6884
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modul...
Xoops Xoops 2.3.1
1 EDB exploit
6.4
CVSSv2
CVE-2005-3680
Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote malicious users to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.
Xoops Xoops 2.2.3
5.8
CVSSv2
CVE-2017-12138
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
Xoops Xoops 2.5.8
7.5
CVSSv2
CVE-2007-0377
Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.
Xoops Xoops 2.0.16
4.3
CVSSv2
CVE-2009-2783
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.
Xoops Xoops 2.3.3
1 EDB exploit
7.5
CVSSv2
CVE-2007-1979
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and previous versions module for Xoops allows remote malicious users to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NO...
Xoops Xoops Popnupblog
1 EDB exploit
5
CVSSv2
CVE-2002-0216
userinfo.php in XOOPS 1.0 RC1 allows remote malicious users to obtain sensitive information via a SQL injection attack in the "uid" parameter.
Xoops Xoops 1.0 Rc1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »