GCVE - cpe:2.3:a:xoops:xoops:2.3.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:xoops:xoops:2.3.1:*:*:*:*:*:*:*

part: a version: 2.3.1 update: *

Vendor	Xoops (`0cd3f1ab-f94d-5608-8423-6f6f7310816b`)
Product	Xoops (`7a1dd380-5a1b-5ae4-8a61-64cd7be487c2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/xoops/xoopscore`	purl2cpe	2026-06-01 10:13:19.192997
`pkg:github/xoops/xoopscore25`	purl2cpe	2026-06-01 10:13:19.192999
`pkg:sourceforge/xoops`	purl2cpe	2026-06-01 10:13:19.193001

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-4565`	vulnerable	2026-06-03 14:31:25.309544	Details available Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information. Published: 2011-11-28T21:00:00.000Z Updated: 2024-08-07T00:09:19.096Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/70377 http://secunia.com/advisories/46238 https://exchange.xforce.ibmcloud.com/vulnerabilities/70378 https://www.htbridge.ch/advisory/multiple_xss_in_xoops_web_application_platform.html http://www.securityfocus.com/bid/49995	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4851`	vulnerable	2026-06-03 14:29:59.417670	Details available The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php. Published: 2010-05-07T18:23:00.000Z Updated: 2024-09-16T17:23:15.676Z Open on db.gcve.eu Reference links http://secunia.com/advisories/37274 http://www.xoops.org/modules/news/article.php?storyid=5096 http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132 http://www.vupen.com/english/advisories/2009/3256	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-3963`	vulnerable	2026-06-03 14:29:54.721672	Details available Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors. Published: 2009-11-17T18:00:00.000Z Updated: 2024-08-07T06:45:50.787Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/54181 http://www.securityfocus.com/bid/36955 http://www.vupen.com/english/advisories/2009/3174 http://www.xoops.org/modules/news/article.php?storyid=5064	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-6885`	vulnerable	2026-06-03 14:29:19.735427	Details available Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message. Published: 2009-07-31T20:00:00.000Z Updated: 2024-09-17T02:16:11.848Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=122875449930810&w=2 http://www.securityfocus.com/bid/32685 http://secunia.com/advisories/33048 http://www.osvdb.org/50574 http://www.xoops.org/modules/news/article.php?storyid=4563	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-6884`	vulnerable	2026-06-03 14:29:19.734986	Details available Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/. Published: 2009-07-31T20:00:00.000Z Updated: 2024-08-07T11:49:02.496Z Open on db.gcve.eu Reference links http://osvdb.org/50573 http://www.securityfocus.com/bid/32685 http://secunia.com/advisories/33048 https://www.exploit-db.com/exploits/7380 http://www.xoops.org/modules/news/article.php?storyid=4563	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.