Xoops Security Vulnerabilities and Issues — Xoops CVE List

Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.

6.8CVSS6AI score0.00353EPSS

CVE•added 2005/11/18 11:3 p.m.•42 views

CVE-2005-3680

Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.

6.4CVSS6.5AI score0.00678EPSS

CVE•added 2009/07/31 8:30 p.m.•39 views

CVE-2008-6884

Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/.

6.8CVSS7.5AI score0.05657EPSS

CVE•added 2014/11/20 1:55 p.m.•36 views

CVE-2014-8999

SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.

6.5CVSS8.2AI score0.00308EPSS