Filtered by vendor Xoops
Subscribe
Total
101 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2783 | 1 Xoops | 1 Xoops | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php. | |||||
| CVE-2007-1974 | 2 Wf-sections, Xoops | 3 Wf-sections, Happy Linux Xfsection Module, Zmagazine Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php. | |||||
| CVE-2008-0936 | 1 Xoops | 1 Prayer List Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
| CVE-2008-0138 | 1 Xoops | 1 Xoopsgallery Module | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | |||||
| CVE-2007-5188 | 1 Xoops | 1 Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension. | |||||
| CVE-2009-3963 | 1 Xoops | 1 Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors. | |||||
| CVE-2008-4433 | 2 Rmsoft, Xoops | 2 Minishop Module, Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter. | |||||
| CVE-2007-2543 | 1 Xoops | 1 Flashgames Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
| CVE-2008-5665 | 1 Xoops | 1 Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter. | |||||
| CVE-2007-1846 | 1 Xoops | 1 Malaika System Myads Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341. | |||||
| CVE-2008-1063 | 1 Xoops | 1 Xm-memberstats | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. | |||||
| CVE-2007-2737 | 1 Xoops | 1 Myconference Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2162 | 2 Ishii, Xoops | 2 Pukiwikimod, Xoops | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-6885 | 1 Xoops | 1 Xoops | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message. | |||||
| CVE-2007-3236 | 1 Xoops | 1 Horoscope Module | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. | |||||
| CVE-2007-2738 | 1 Xoops | 1 Xoops Glossaire Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | |||||
| CVE-2009-4582 | 1 Xoops | 1 Xoops Dictionary | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3296 | 1 Xoops | 1 Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0847 | 1 Xoops | 1 Mytopics | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||||
| CVE-2009-0805 | 2 Mihai Bazon, Xoops | 2 Pical, Xoops | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php. | |||||