GCVE - cpe:2.3:a:xoops:xoops:2.5.8:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:xoops:xoops:2.5.8:*:*:*:*:*:*:*

part: a version: 2.5.8 update: *

Vendor	Xoops (`0cd3f1ab-f94d-5608-8423-6f6f7310816b`)
Product	Xoops (`7a1dd380-5a1b-5ae4-8a61-64cd7be487c2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/xoops/xoopscore`	purl2cpe	2026-06-01 10:13:19.219404
`pkg:github/xoops/xoopscore25`	purl2cpe	2026-06-01 10:13:19.219406
`pkg:sourceforge/xoops`	purl2cpe	2026-06-01 10:13:19.219407

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-12139`	vulnerable	2026-06-03 14:36:34.365800	Details available XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. Published: 2017-08-02T05:00:00.000Z Updated: 2024-08-05T18:28:16.568Z Open on db.gcve.eu Reference links https://github.com/XOOPS/XoopsCore25/issues/524 http://www.securityfocus.com/bid/100094	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12138`	vulnerable	2026-06-03 14:36:34.365268	Details available XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. Published: 2017-08-02T05:00:00.000Z Updated: 2024-08-05T18:28:16.493Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/100091 https://github.com/XOOPS/XoopsCore25/issues/523	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.