GCVE - cpe:2.3:a:xoops:xoops:2.3.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:xoops:xoops:2.3.3:*:*:*:*:*:*:*

part: a version: 2.3.3 update: *

Vendor	Xoops (`0cd3f1ab-f94d-5608-8423-6f6f7310816b`)
Product	Xoops (`7a1dd380-5a1b-5ae4-8a61-64cd7be487c2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/xoops/xoopscore`	purl2cpe	2026-06-01 10:13:19.198351
`pkg:github/xoops/xoopscore25`	purl2cpe	2026-06-01 10:13:19.198353
`pkg:sourceforge/xoops`	purl2cpe	2026-06-01 10:13:19.198354

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-4565`	vulnerable	2026-06-03 14:31:25.310921	Details available Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information. Published: 2011-11-28T21:00:00.000Z Updated: 2024-08-07T00:09:19.096Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/70377 http://secunia.com/advisories/46238 https://exchange.xforce.ibmcloud.com/vulnerabilities/70378 https://www.htbridge.ch/advisory/multiple_xss_in_xoops_web_application_platform.html http://www.securityfocus.com/bid/49995	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4851`	vulnerable	2026-06-03 14:29:59.419612	Details available The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php. Published: 2010-05-07T18:23:00.000Z Updated: 2024-09-16T17:23:15.676Z Open on db.gcve.eu Reference links http://secunia.com/advisories/37274 http://www.xoops.org/modules/news/article.php?storyid=5096 http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132 http://www.vupen.com/english/advisories/2009/3256	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2783`	vulnerable	2026-06-03 14:29:43.062131	Details available Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php. Published: 2009-08-17T16:00:00.000Z Updated: 2024-09-16T19:16:00.288Z Open on db.gcve.eu Reference links http://xoops.svn.sourceforge.net/viewvc/xoops/XoopsCore/trunk/htdocs/modules/pm/viewpmsg.php?view=log#rev3292 http://www.securityfocus.com/bid/35895 http://secunia.com/advisories/36109 http://xoops.svn.sourceforge.net/viewvc/xoops/XoopsCore/trunk/htdocs/modules/pm/viewpmsg.php?r1=2621&r2=3292 http://www.senseofsecurity.com.au/advisories/SOS-09-005.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.