Xoops Security Vulnerabilities and Issues — Xoops CVE List

Lucene search

XoopsXoops

5 matches found

CVE•added 2017/08/02 5:29 a.m.•61 views

CVE-2017-12138

XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.

6.1CVSS6.2AI score0.16831EPSS

CVE•added 2017/03/30 7:59 a.m.•54 views

CVE-2017-7290

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.

7.2CVSS7.2AI score0.00641EPSS

CVE•added 2017/08/02 5:29 a.m.•50 views

CVE-2017-12139

XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.

6.1CVSS5.9AI score0.00234EPSS

CVE•added 2017/04/24 10:59 a.m.•48 views

CVE-2017-7944

XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php.

6.1CVSS6.1AI score0.00234EPSS

CVE•added 2017/07/12 9:29 p.m.•45 views

CVE-2017-11174

In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.

9.8CVSS9.8AI score0.0025EPSS