Xoops

Xoops

43 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.48%
  • Published 28.11.2011 21:55:09
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE t...

  • EPSS 0.28%
  • Published 24.09.2011 00:55:04
  • Last modified 11.04.2025 00:51:21

XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files.

  • EPSS 0.26%
  • Published 07.05.2010 18:30:01
  • Last modified 11.04.2025 00:51:21

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

  • EPSS 0.36%
  • Published 17.11.2009 18:30:00
  • Last modified 09.04.2025 00:30:58

Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors.

Exploit
  • EPSS 7.27%
  • Published 17.08.2009 16:30:01
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.

Exploit
  • EPSS 0.52%
  • Published 31.07.2009 20:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message.

Exploit
  • EPSS 5.66%
  • Published 31.07.2009 20:30:00
  • Last modified 09.04.2025 00:30:58

Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) mai...

Exploit
  • EPSS 0.14%
  • Published 19.12.2008 01:52:02
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.

  • EPSS 2.2%
  • Published 25.07.2008 13:41:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the de...

Exploit
  • EPSS 0.42%
  • Published 25.07.2008 13:41:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtaine...