CVE-2011-4565
- EPSS 1.32%
- Published 28.11.2011 21:55:09
- Last modified 16.06.2026 23:35:03
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE t...
- EPSS 1.23%
- Published 24.09.2011 00:55:04
- Last modified 16.06.2026 23:33:59
XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files.
- EPSS 1.21%
- Published 07.05.2010 18:30:01
- Last modified 16.06.2026 23:14:28
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
CVE-2009-3963
- EPSS 1.65%
- Published 17.11.2009 18:30:00
- Last modified 16.06.2026 23:12:43
Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors.
CVE-2009-2783
- EPSS 1.94%
- Published 17.08.2009 16:30:01
- Last modified 16.06.2026 23:10:12
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.
CVE-2008-6885
- EPSS 1.29%
- Published 31.07.2009 20:30:00
- Last modified 16.06.2026 23:03:10
Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message.
CVE-2008-6884
- EPSS 5.62%
- Published 31.07.2009 20:30:00
- Last modified 16.06.2026 23:03:10
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) mai...
CVE-2008-5665
- EPSS 0.97%
- Published 19.12.2008 01:52:02
- Last modified 16.06.2026 23:00:45
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2008-3296
- EPSS 5.71%
- Published 25.07.2008 13:41:00
- Last modified 16.06.2026 22:55:33
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the de...
CVE-2008-3295
- EPSS 2.74%
- Published 25.07.2008 13:41:00
- Last modified 16.06.2026 22:55:33
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtaine...