Vulnerabilities > Xoops

DATE CVE VULNERABILITY TITLE RISK
2008-10-03 CVE-2008-4435 Cross-Site Scripting vulnerability in Rmsoft Downloads Plus Module 1.5/1.7
Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.
network
rmsoft xoops CWE-79
4.3
2008-10-03 CVE-2008-4433 SQL Injection vulnerability in Rmsoft Minishop Module 1.0
SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter.
network
low complexity
rmsoft xoops CWE-89
7.5
2008-10-03 CVE-2008-4432 Cross-Site Scripting vulnerability in Rmsoft Minishop Module 1.0
Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter.
network
rmsoft xoops CWE-79
4.3
2008-09-11 CVE-2008-4053 Cross-Site Scripting vulnerability in Bluemoon Popnupblog 3.20/3.30
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters.
4.3
2008-08-08 CVE-2008-3560 Cross-Site Scripting vulnerability in Xoops Kshop Module 2.22
Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.
network
xoops CWE-79
4.3
2008-07-25 CVE-2008-3296 Path Traversal vulnerability in Xoops 2.0.18.1
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
xoops CWE-22
7.5
2008-07-25 CVE-2008-3295 Cross-Site Scripting vulnerability in Xoops 2.0.18.1
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter.
network
xoops CWE-79
4.3
2008-05-06 CVE-2008-2094 SQL Injection vulnerability in Xoops Article Module
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
xoops CWE-89
7.5
2008-04-30 CVE-2008-2035 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc.
4.3
2008-03-17 CVE-2008-1351 SQL Injection vulnerability in Xoops Tutoriais Module 2.1B
SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php.
network
low complexity
xoops CWE-89
7.5