Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xoops vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-16684
An issue exists in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.
Xoops Xoops 2.5.10
570
VMScore
CVE-2005-3680
Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote malicious users to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.
Xoops Xoops 2.2.3
516
VMScore
CVE-2017-12138
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
Xoops Xoops 2.5.8
755
VMScore
CVE-2007-1979
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and previous versions module for Xoops allows remote malicious users to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NO...
Xoops Xoops Popnupblog
1 EDB exploit
685
VMScore
CVE-2008-6884
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modul...
Xoops Xoops 2.3.1
1 EDB exploit
383
VMScore
CVE-2002-2386
Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote malicious users to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag.
Xoops Xoops 1.0 Rc3
NA
CVE-2023-36217
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote malicious user to execute arbitrary code via the category name field of the image manager function.
Xoops Xoops 2.5.10
383
VMScore
CVE-2017-12139
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.
Xoops Xoops 2.5.8
445
VMScore
CVE-2002-0216
userinfo.php in XOOPS 1.0 RC1 allows remote malicious users to obtain sensitive information via a SQL injection attack in the "uid" parameter.
Xoops Xoops 1.0 Rc1
668
VMScore
CVE-2002-0217
Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote malicious users to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.
Xoops Xoops 1.0 Rc1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »