Approved changes feed: RSS · Atom
cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Xoops (0cd3f1ab-f94d-5608-8423-6f6f7310816b) |
|---|---|
| Product | Xoops (7a1dd380-5a1b-5ae4-8a61-64cd7be487c2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/xoops/xoopscore |
purl2cpe | 2026-06-01 10:13:19.106308 |
pkg:github/xoops/xoopscore25 |
purl2cpe | 2026-06-01 10:13:19.106310 |
pkg:sourceforge/xoops |
purl2cpe | 2026-06-01 10:13:19.106311 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2012-0984 |
vulnerable | 2026-06-03 14:31:40.680942 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.
Published: 2014-09-11T14:00:00.000Z
Updated: 2024-08-06T18:45:26.351Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-4565 |
vulnerable | 2026-06-03 14:31:25.301040 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.
Published: 2011-11-28T21:00:00.000Z
Updated: 2024-08-07T00:09:19.096Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4851 |
vulnerable | 2026-06-03 14:29:59.396510 |
Details available
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
Published: 2010-05-07T18:23:00.000Z
Updated: 2024-09-16T17:23:15.676Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4698 |
not_vulnerable | 2026-06-03 14:29:58.552798 |
Details available
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
Published: 2010-03-15T21:00:00.000Z
Updated: 2024-08-07T07:08:38.208Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4360 |
not_vulnerable | 2026-06-03 14:29:57.443691 |
Details available
SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Published: 2009-12-20T02:00:00.000Z
Updated: 2024-08-07T07:01:20.160Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4359 |
not_vulnerable | 2026-06-03 14:29:57.441567 |
Details available
Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter.
Published: 2009-12-20T02:00:00.000Z
Updated: 2024-08-07T07:01:20.070Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-3963 |
vulnerable | 2026-06-03 14:29:54.707717 |
Details available
Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors.
Published: 2009-11-17T18:00:00.000Z
Updated: 2024-08-07T06:45:50.787Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-3240 |
not_vulnerable | 2026-06-03 14:29:45.694415 |
Details available
Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2009-09-18T10:00:00.000Z
Updated: 2024-09-16T17:23:24.142Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-2162 |
not_vulnerable | 2026-06-03 14:29:39.617928 |
Details available
Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2009-06-22T19:00:00.000Z
Updated: 2024-08-07T05:44:54.801Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-0805 |
not_vulnerable | 2026-06-03 14:29:26.176032 |
Details available
Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php.
Published: 2009-03-04T17:00:00.000Z
Updated: 2024-09-16T19:46:38.185Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-7178 |
not_vulnerable | 2026-06-03 14:29:20.590726 |
Details available
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php.
Published: 2009-09-08T10:00:00.000Z
Updated: 2024-08-07T11:56:14.435Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-5768 |
not_vulnerable | 2026-06-03 14:29:11.160126 |
Details available
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published: 2008-12-30T20:00:00.000Z
Updated: 2024-08-07T11:04:44.492Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-5665 |
vulnerable | 2026-06-03 14:29:10.392866 |
Details available
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
Published: 2008-12-18T21:00:00.000Z
Updated: 2024-08-07T11:04:43.534Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-5321 |
not_vulnerable | 2026-06-03 14:29:08.889299 |
Details available
SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter.
Published: 2008-12-03T19:00:00.000Z
Updated: 2024-08-07T10:49:12.235Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-4653 |
not_vulnerable | 2026-06-03 14:29:05.249653 |
Details available
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
Published: 2008-10-21T22:00:00.000Z
Updated: 2024-08-07T10:24:21.083Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-4635 |
not_vulnerable | 2026-06-03 14:29:05.180572 |
Details available
Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors.
Published: 2008-10-21T00:00:00.000Z
Updated: 2024-08-07T10:24:20.734Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-4435 |
not_vulnerable | 2026-06-03 14:28:58.181831 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.
Published: 2008-10-03T22:00:00.000Z
Updated: 2024-08-07T10:17:09.416Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-4433 |
not_vulnerable | 2026-06-03 14:28:58.134117 |
Details available
SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter.
Published: 2008-10-03T22:00:00.000Z
Updated: 2024-08-07T10:17:09.614Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-4432 |
not_vulnerable | 2026-06-03 14:28:58.133749 |
Details available
Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter.
Published: 2008-10-03T22:00:00.000Z
Updated: 2024-08-07T10:17:09.324Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-4053 |
not_vulnerable | 2026-06-03 14:28:56.824475 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters.
Published: 2008-09-11T14:00:00.000Z
Updated: 2024-08-07T10:00:42.469Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-0611 |
vulnerable | 2026-06-03 14:28:37.439197 |
Details available
SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published: 2008-02-06T11:00:00.000Z
Updated: 2024-08-07T07:54:22.542Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-6675 |
vulnerable | 2026-06-03 14:28:30.167606 |
Details available
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.
Published: 2008-01-08T19:00:00.000Z
Updated: 2024-09-16T19:00:47.906Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-5188 |
vulnerable | 2026-06-03 14:28:25.104849 |
Details available
Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension.
Published: 2007-10-03T14:00:00.000Z
Updated: 2024-08-07T15:24:42.419Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-1962 |
not_vulnerable | 2026-06-03 14:28:07.168758 |
Details available
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
Published: 2007-04-11T10:00:00.000Z
Updated: 2024-08-07T13:13:42.045Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-4417 |
vulnerable | 2026-06-03 14:27:42.738136 |
Details available
SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.
Published: 2006-08-28T21:00:00.000Z
Updated: 2024-08-07T19:06:07.752Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-2516 |
vulnerable | 2026-06-03 14:27:32.508876 |
Details available
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.
Published: 2006-05-22T22:00:00.000Z
Updated: 2024-08-07T17:51:04.851Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-2338 |
vulnerable | 2026-06-03 14:27:01.802081 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.
Published: 2005-10-26T04:00:00.000Z
Updated: 2024-08-07T22:22:49.037Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2003-1550 |
vulnerable | 2026-06-03 14:26:33.642173 |
Details available
XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.
Published: 2008-03-06T01:00:00.000Z
Updated: 2024-08-08T02:35:15.859Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.