Filtered by vendor Xoops
Subscriptions
Total
101 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-1976 | 1 Xoops | 1 Xoops Virii Info Module | 2024-05-17 | N/A |
PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack | ||||
CVE-2009-2783 | 1 Xoops | 1 Xoops | 2024-02-14 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php. | ||||
CVE-2006-5810 | 1 Xoops | 1 Xoops | 2024-02-14 | N/A |
Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter. | ||||
CVE-2023-36217 | 1 Xoops | 1 Xoops | 2023-08-08 | 9.0 Critical |
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. | ||||
CVE-2009-0805 | 2 Mihai Bazon, Xoops | 2 Pical, Xoops | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php. | ||||
CVE-2009-4851 | 1 Xoops | 1 Xoops | 2022-10-03 | N/A |
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php. | ||||
CVE-2009-3240 | 2 Ohwada, Xoops | 2 Xf-section, Xoops | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2002-2391 | 2 Webchat.org, Xoops | 2 Webchat, Xoops | 2022-10-03 | N/A |
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter. | ||||
CVE-2002-2386 | 1 Xoops | 1 Xoops | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | ||||
CVE-2002-1802 | 1 Xoops | 1 Xoops | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news. | ||||
CVE-2014-8999 | 1 Xoops | 1 Xoops | 2022-10-03 | N/A |
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. | ||||
CVE-2014-3935 | 1 Xoops | 1 Glossaire Module | 2022-10-03 | N/A |
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter. | ||||
CVE-2011-3822 | 1 Xoops | 1 Xoops | 2022-10-03 | N/A |
XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files. | ||||
CVE-2007-6675 | 1 Xoops | 1 Xoops | 2022-10-03 | N/A |
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules. | ||||
CVE-2004-2756 | 1 Xoops | 1 Xoops | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters. | ||||
CVE-2008-0937 | 2 Tinyevent, Xoops | 2 Tinyevent, Tiny Event Module | 2022-10-03 | N/A |
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | ||||
CVE-2008-0936 | 1 Xoops | 1 Prayer List Module | 2022-10-03 | N/A |
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | ||||
CVE-2008-6885 | 1 Xoops | 1 Xoops | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message. | ||||
CVE-2008-1065 | 1 Xoops | 1 Xm Memberstats | 2022-10-03 | N/A |
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2019-16684 | 1 Xoops | 1 Xoops | 2019-10-04 | 4.8 Medium |
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes. |