Vulnerabilities > Xoops
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-03 | CVE-2008-4435 | Cross-Site Scripting vulnerability in Rmsoft Downloads Plus Module 1.5/1.7 Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php. | 4.3 |
| 2008-10-03 | CVE-2008-4433 | SQL Injection vulnerability in Rmsoft Minishop Module 1.0 SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter. | 7.5 |
| 2008-10-03 | CVE-2008-4432 | Cross-Site Scripting vulnerability in Rmsoft Minishop Module 1.0 Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter. | 4.3 |
| 2008-09-11 | CVE-2008-4053 | Cross-Site Scripting vulnerability in Bluemoon Popnupblog 3.20/3.30 Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters. | 4.3 |
| 2008-08-08 | CVE-2008-3560 | Cross-Site Scripting vulnerability in Xoops Kshop Module 2.22 Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
| 2008-07-25 | CVE-2008-3296 | Path Traversal vulnerability in Xoops 2.0.18.1 Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2008-07-25 | CVE-2008-3295 | Cross-Site Scripting vulnerability in Xoops 2.0.18.1 Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. | 4.3 |
| 2008-05-06 | CVE-2008-2094 | SQL Injection vulnerability in Xoops Article Module SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-04-30 | CVE-2008-2035 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. | 4.3 |
| 2008-03-17 | CVE-2008-1351 | SQL Injection vulnerability in Xoops Tutoriais Module 2.1B SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php. | 7.5 |