Vulnerabilities > Xoops > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-30 | CVE-2019-16684 | Cross-site Scripting vulnerability in Xoops 2.5.10 An issue was discovered in the image-manager in Xoops 2.5.10. | 4.8 |
| 2019-09-30 | CVE-2019-16683 | Cross-site Scripting vulnerability in Xoops 2.5.10 An issue was discovered in the image-manager in Xoops 2.5.10. | 4.8 |
| 2017-08-02 | CVE-2017-12139 | Cross-site Scripting vulnerability in Xoops 2.5.8 XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. | 6.1 |
| 2017-08-02 | CVE-2017-12138 | Open Redirect vulnerability in Xoops 2.5.8 XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. | 6.1 |
| 2017-04-24 | CVE-2017-7944 | Cross-site Scripting vulnerability in Xoops 2.5.8.1 XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php. | 6.1 |