Search
Search Results (70 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2516 | 1 Xoops | 1 Xoops | 2025-04-03 | N/A |
| mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | ||||
| CVE-2006-0198 | 1 Xoops | 1 Xoops Pool Module | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. | ||||
| CVE-2005-3680 | 1 Xoops | 1 Xoops | 2025-04-03 | N/A |
| Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter. | ||||
| CVE-2005-2338 | 1 Xoops | 1 Xoops | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module. | ||||
| CVE-2005-2113 | 1 Xoops | 1 Xoops | 2025-04-03 | N/A |
| SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method. | ||||
| CVE-2005-2112 | 1 Xoops | 1 Xoops | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. | ||||
| CVE-2004-2756 | 1 Xoops | 1 Xoops | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters. | ||||
| CVE-2023-36217 | 1 Xoops | 1 Xoops | 2024-11-21 | 9.0 Critical |
| Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. | ||||
| CVE-2019-16684 | 1 Xoops | 1 Xoops | 2024-11-21 | 4.8 Medium |
| An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes. | ||||
| CVE-2019-16683 | 1 Xoops | 1 Xoops | 2024-11-21 | 4.8 Medium |
| An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes. | ||||