6 matches found

CVE
added 2005/07/05 4:0 a.m., 46 views

CVE-2005-2112

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.

CVSS 4.3, AI score 5.8, EPSS 0.00558
CVE
added 2005/07/05 4:0 a.m., 43 views

CVE-2005-2113

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.

CVSS 7.5, AI score 8.6, EPSS 0.00973
CVE
added 2005/11/18 11:3 p.m., 42 views

CVE-2005-3680

Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.

CVSS 6.4, AI score 6.5, EPSS 0.00678
CVE
added 2005/06/28 4:0 a.m., 41 views

CVE-2002-1802

Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news.

CVSS 4.3, AI score 5.7, EPSS 0.00646
CVE
added 2005/10/27 1:2 a.m., 38 views

CVE-2005-2338

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.

CVSS 4.3, AI score 5.8, EPSS 0.01296
CVE
added 2005/05/02 4:0 a.m., 33 views

CVE-2005-0743

The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.

CVSS 7.5, AI score 7.4, EPSS 0.00911