Xoops@2.0.18 Security Vulnerabilities and Issues — Xoops@2.0.18 CVE List

Lucene search

XoopsXoops2.0.18

5 matches found

CVE•added 2010/05/07 6:30 p.m.•46 views

CVE-2009-4851

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

5CVSS7AI score0.00264EPSS

CVE•added 2009/11/17 6:30 p.m.•43 views

CVE-2009-3963

Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors.

7.5CVSS6.8AI score0.0036EPSS

CVE•added 2008/02/06 12:0 p.m.•37 views

CVE-2008-0613

Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.

5CVSS6.7AI score0.01834EPSS

CVE•added 2008/02/06 12:0 p.m.•35 views

CVE-2008-0612

Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

7.5CVSS7.1AI score0.04025EPSS

CVE•added 2011/11/28 9:55 p.m.•34 views

CVE-2011-4565

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (ak...

4.3CVSS6AI score0.00475EPSS