Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xoops xoops vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2008-6884
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modul...
Xoops Xoops 2.3.1
1 EDB exploit
755
VMScore
CVE-2007-1979
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and previous versions module for Xoops allows remote malicious users to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NO...
Xoops Xoops Popnupblog
1 EDB exploit
505
VMScore
CVE-2008-0613
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
Xoops Xoops 2.0.18
1 EDB exploit
383
VMScore
CVE-2002-2386
Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote malicious users to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag.
Xoops Xoops 1.0 Rc3
435
VMScore
CVE-2008-3295
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote malicious users to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Xoops Xoops 2.0.18.1
1 EDB exploit
755
VMScore
CVE-2008-3296
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely...
Xoops Xoops 2.0.18.1
1 EDB exploit
435
VMScore
CVE-2009-2783
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.
Xoops Xoops 2.3.3
1 EDB exploit
516
VMScore
CVE-2017-12138
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
Xoops Xoops 2.5.8
383
VMScore
CVE-2017-12139
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.
Xoops Xoops 2.5.8
445
VMScore
CVE-2002-0216
userinfo.php in XOOPS 1.0 RC1 allows remote malicious users to obtain sensitive information via a SQL injection attack in the "uid" parameter.
Xoops Xoops 1.0 Rc1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »