XOOPS 2.5.10

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:xoops:xoops:2.5.10:*:*:*:*:*:*:*

part: a version: 2.5.10 update: *

VendorXoops (0cd3f1ab-f94d-5608-8423-6f6f7310816b)
ProductXoops (7a1dd380-5a1b-5ae4-8a61-64cd7be487c2)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/xoops/xoopscore purl2cpe 2026-06-01 10:13:19.214478
pkg:github/xoops/xoopscore25 purl2cpe 2026-06-01 10:13:19.214479
pkg:sourceforge/xoops purl2cpe 2026-06-01 10:13:19.214481

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-36217 vulnerable 2026-06-03 14:52:19.725034 Details available
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.
Published: 2023-08-03T00:00:00.000Z
Updated: 2024-10-17T16:13:23.999Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-16684 vulnerable 2026-06-03 14:39:55.234017 Details available
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.
Published: 2019-09-30T15:28:03.000Z
Updated: 2024-08-05T01:17:41.173Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-16683 vulnerable 2026-06-03 14:39:55.233621 Details available
An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.
Published: 2019-09-30T15:15:23.000Z
Updated: 2024-08-05T01:17:41.075Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.