CVE-2011-4565
- EPSS 0.48%
- Published 28.11.2011 21:55:09
- Last modified 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE t...
- EPSS 0.28%
- Published 24.09.2011 00:55:04
- Last modified 11.04.2025 00:51:21
XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files.
- EPSS 0.26%
- Published 07.05.2010 18:30:01
- Last modified 11.04.2025 00:51:21
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
CVE-2009-3963
- EPSS 0.36%
- Published 17.11.2009 18:30:00
- Last modified 09.04.2025 00:30:58
Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors.
CVE-2009-2783
- EPSS 7.27%
- Published 17.08.2009 16:30:01
- Last modified 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.
CVE-2008-6885
- EPSS 0.52%
- Published 31.07.2009 20:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message.
CVE-2008-6884
- EPSS 5.66%
- Published 31.07.2009 20:30:00
- Last modified 09.04.2025 00:30:58
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) mai...
CVE-2008-5665
- EPSS 0.14%
- Published 19.12.2008 01:52:02
- Last modified 09.04.2025 00:30:58
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2008-3296
- EPSS 2.2%
- Published 25.07.2008 13:41:00
- Last modified 09.04.2025 00:30:58
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the de...
CVE-2008-3295
- EPSS 0.42%
- Published 25.07.2008 13:41:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtaine...