Known Vulnerabilities for products from Xoops
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Xoops".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-36217 json | Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category ... | 9 - CRITICAL | 2023-08-03 | 2023-08-08 |
| CVE-2019-16684 json | An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered... | 4.8 - MEDIUM | 2019-09-30 | 2019-10-04 |
| CVE-2019-16683 json | An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over w... | 4.8 - MEDIUM | 2019-09-30 | 2019-10-04 |
| CVE-2017-12139 json | XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. | 6.1 - MEDIUM | 2017-08-02 | 2017-08-04 |
| CVE-2017-12138 json | XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. | 6.1 - MEDIUM | 2017-08-02 | 2017-08-04 |
| CVE-2017-11174 json | In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL quer... | 9.8 - CRITICAL | 2017-07-12 | 2017-07-27 |
| CVE-2017-7944 json | XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php. | 6.1 - MEDIUM | 2017-04-24 | 2017-04-27 |
| CVE-2017-7290 json | SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to ... | 7.2 - HIGH | 2017-03-30 | 2017-04-03 |
| CVE-2014-8999 json | SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users ... | 6.5 - MEDIUM | 2014-11-20 | 2014-11-24 |
| CVE-2014-3935 json | SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arb... | 7.5 - HIGH | 2014-06-02 | 2014-06-03 |
| CVE-2012-0984 json | Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web scri... | 4.3 - MEDIUM | 2014-09-11 | 2017-08-29 |
| CVE-2011-4565 json | Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers t... | 4.3 - MEDIUM | 2011-11-28 | 2017-08-29 |
| CVE-2011-3822 json | XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the in... | 5 - MEDIUM | 2011-09-24 | 2012-05-21 |
| CVE-2009-4851 json | The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary a... | 5 - MEDIUM | 2010-05-07 | 2010-05-13 |
| CVE-2009-4698 json | Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbit... | 7.5 - HIGH | 2010-03-15 | 2017-09-19 |
| CVE-2009-4582 json | SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitr... | Not Provided | 2010-01-06 | 2026-04-23 |
| CVE-2009-4360 json | SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to injec... | Not Provided | 2009-12-20 | 2026-04-23 |
| CVE-2009-4359 json | Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers t... | Not Provided | 2009-12-20 | 2026-04-23 |
| CVE-2009-3963 json | Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors. | Not Provided | 2009-11-17 | 2026-04-23 |
| CVE-2009-3240 json | Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inje... | Not Provided | 2009-09-18 | 2026-04-23 |
Known software with vulnerabilities from Xoops
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Xoops | Glossaire Module | 1.0 |
| Application | Xoops | Xoops | 2.5.10 |