Xoops Security Vulnerabilities and Issues — Xoops CVE List

Lucene search

XoopsXoops

9 matches found

CVE•added 2008/12/19 1:52 a.m.•49 views

CVE-2008-5665

SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.

7.5CVSS8.4AI score0.00144EPSS

CVE•added 2008/03/06 1:0 a.m.•41 views

CVE-2003-1550

XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.

5CVSS6.7AI score0.06202EPSS

CVE•added 2008/02/06 12:0 p.m.•37 views

CVE-2008-0613

Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.

5CVSS6.7AI score0.01834EPSS

CVE•added 2008/07/25 1:41 p.m.•36 views

CVE-2008-3295

Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

4.3CVSS5.6AI score0.00355EPSS

CVE•added 2008/02/06 12:0 p.m.•35 views

CVE-2008-0612

Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

7.5CVSS7.1AI score0.04025EPSS

CVE•added 2008/04/30 4:17 p.m.•33 views

CVE-2008-2035

Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS ...

4.3CVSS5.7AI score0.00329EPSS

CVE•added 2008/01/08 7:46 p.m.•31 views

CVE-2007-6675

The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.

5CVSS6.6AI score0.00234EPSS

CVE•added 2008/07/25 1:41 p.m.•31 views

CVE-2008-3296

Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informa...

7.5CVSS6.9AI score0.01725EPSS

CVE•added 2008/02/06 12:0 p.m.•26 views

CVE-2008-0611

SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS8.4AI score0.00249EPSS