Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xoops xoops vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-16683
An issue exists in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.
Xoops Xoops 2.5.10
312
VMScore
CVE-2019-16684
An issue exists in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.
Xoops Xoops 2.5.10
445
VMScore
CVE-2011-3822
XOOPS 2.5.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files.
Xoops Xoops 2.5.0
755
VMScore
CVE-2008-0612
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Xoops Xoops 2.0.18
1 EDB exploit
505
VMScore
CVE-2008-0613
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
Xoops Xoops 2.0.18
1 EDB exploit
685
VMScore
CVE-2006-5810
Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote malicious users to inject arbitrary web script or HTML via the newdownloadshowdays parameter.
Xoops Xoops 1.0
1 EDB exploit
435
VMScore
CVE-2008-3295
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote malicious users to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Xoops Xoops 2.0.18.1
1 EDB exploit
435
VMScore
CVE-2009-2783
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.
Xoops Xoops 2.3.3
1 EDB exploit
668
VMScore
CVE-2017-11174
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.
Xoops Xoops 2.5.8.1
NA
CVE-2023-36217
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote malicious user to execute arbitrary code via the category name field of the image manager function.
Xoops Xoops 2.5.10
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »