GCVE - cpe:2.3:a:xoops:xoops:2.0.16:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:xoops:xoops:2.0.16:*:*:*:*:*:*:*

part: a version: 2.0.16 update: *

Vendor	Xoops (`0cd3f1ab-f94d-5608-8423-6f6f7310816b`)
Product	Xoops (`7a1dd380-5a1b-5ae4-8a61-64cd7be487c2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/xoops/xoopscore`	purl2cpe	2026-06-01 10:13:19.145843
`pkg:github/xoops/xoopscore25`	purl2cpe	2026-06-01 10:13:19.145845
`pkg:sourceforge/xoops`	purl2cpe	2026-06-01 10:13:19.145846

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-4565`	vulnerable	2026-06-03 14:31:25.304139	Details available Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information. Published: 2011-11-28T21:00:00.000Z Updated: 2024-08-07T00:09:19.096Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/70377 http://secunia.com/advisories/46238 https://exchange.xforce.ibmcloud.com/vulnerabilities/70378 https://www.htbridge.ch/advisory/multiple_xss_in_xoops_web_application_platform.html http://www.securityfocus.com/bid/49995	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4851`	vulnerable	2026-06-03 14:29:59.412015	Details available The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php. Published: 2010-05-07T18:23:00.000Z Updated: 2024-09-16T17:23:15.676Z Open on db.gcve.eu Reference links http://secunia.com/advisories/37274 http://www.xoops.org/modules/news/article.php?storyid=5096 http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132 http://www.vupen.com/english/advisories/2009/3256	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-3963`	vulnerable	2026-06-03 14:29:54.718247	Details available Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors. Published: 2009-11-17T18:00:00.000Z Updated: 2024-08-07T06:45:50.787Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/54181 http://www.securityfocus.com/bid/36955 http://www.vupen.com/english/advisories/2009/3174 http://www.xoops.org/modules/news/article.php?storyid=5064	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0377`	vulnerable	2026-06-03 14:27:56.605125	Details available Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors. Published: 2007-01-19T23:00:00.000Z Updated: 2024-08-07T12:19:29.780Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/459150/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://www.securityfocus.com/bid/22399 http://osvdb.org/33684 http://osvdb.org/33685	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.