Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xoops vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-16684
An issue exists in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.
Xoops Xoops 2.5.10
NA
CVE-2023-36217
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote malicious user to execute arbitrary code via the category name field of the image manager function.
Xoops Xoops 2.5.10
7.5
CVSSv2
CVE-2007-2738
SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and previous versions module for Xoops allows remote malicious users to execute arbitrary SQL commands via the sid parameter in an ImprDef action.
Xoops Xoops Glossaire Module
1 EDB exploit
4.3
CVSSv2
CVE-2006-0198
Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote malicious users to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.
Xoops Xoops Pool Module
1 EDB exploit
7.5
CVSSv2
CVE-2009-4582
SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Xoops Xoops Dictionary 2.0.18
1 EDB exploit
4.3
CVSSv2
CVE-2005-0910
Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote malicious users to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php.
E-xoops E-xoops
7.5
CVSSv2
CVE-2005-0911
Multiple SQL injection vulnerabilities in exoops may allow remote malicious users to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php.
E-xoops E-xoops
4.3
CVSSv2
CVE-2008-2035
Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and previous versions, (2) BmSurvey 0.84 and previous versions, (3) newbb_fileup 1.83 and previous versions, (4) News_embed (news_fileup) 1.44 and previous versions, and (5) PopnupBlog 3.19 and previ...
Xoops Xoops Cube 2.1
Bluemoon Backpack
Bluemoon News Fileup
Bluemoon Popnupblog
Bluemoon Bmsurvey
Bluemoon Newbb Fileup
Xoops Xoops 2.0
7.5
CVSSv2
CVE-2007-1976
PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and previous versions module for Xoops allows remote malicious users to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third ...
Xoops Xoops Virii Info Module
5.1
CVSSv2
CVE-2006-3363
PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote malicious users to execute arbitrary PHP code via a URL in the pa parameter.
Xoops Xoops Glossaire Module 1.7
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »