Vulnerabilities > Xoops > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-18 | CVE-2009-3240 | Cross-Site Scripting vulnerability in Ohwada Xf-Section 1.12A Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-07-31 | CVE-2008-6885 | Cross-Site Scripting vulnerability in Xoops 2.3.1/2.3.2A Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message. | 4.3 |
| 2009-07-31 | CVE-2008-6884 | Path Traversal vulnerability in Xoops 2.3.1 Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2009-06-22 | CVE-2009-2162 | Cross-Site Scripting vulnerability in Ishii Pukiwikimod Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-03-04 | CVE-2009-0805 | Cross-Site Scripting vulnerability in Mihai Bazon Pical Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php. | 4.3 |
| 2008-10-21 | CVE-2008-4635 | Information Exposure vulnerability in Hisanaga Electric CO Hisa Cart Unspecified vulnerability in Hisanaga Electric Co, Ltd. | 5.0 |
| 2008-10-03 | CVE-2008-4435 | Cross-Site Scripting vulnerability in Rmsoft Downloads Plus Module 1.5/1.7 Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php. | 4.3 |
| 2008-10-03 | CVE-2008-4432 | Cross-Site Scripting vulnerability in Rmsoft Minishop Module 1.0 Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter. | 4.3 |
| 2008-09-11 | CVE-2008-4053 | Cross-Site Scripting vulnerability in Bluemoon Popnupblog 3.20/3.30 Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters. | 4.3 |
| 2008-08-08 | CVE-2008-3560 | Cross-Site Scripting vulnerability in Xoops Kshop Module 2.22 Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |