Vulnerabilities > Xoops > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-25 | CVE-2008-3295 | Cross-Site Scripting vulnerability in Xoops 2.0.18.1 Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. | 4.3 |
| 2008-04-30 | CVE-2008-2035 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. | 4.3 |
| 2008-02-28 | CVE-2008-1064 | Cross-Site Scripting vulnerability in Xoops Rmsoft Gallery System 2.0 Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
| 2008-02-28 | CVE-2008-1063 | Cross-Site Scripting vulnerability in Xoops Xm-Memberstats 2.0 Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. | 4.3 |
| 2008-02-25 | CVE-2008-0937 | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | 6.8 |
| 2008-02-06 | CVE-2008-0613 | Link Following vulnerability in Xoops 2.0.18 Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. | 5.0 |
| 2008-01-08 | CVE-2008-0138 | SQL Injection vulnerability in Xoops Xoopsgallery Module 1.3.39 PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | 6.8 |
| 2008-01-08 | CVE-2007-6675 | Permissions, Privileges, and Access Controls vulnerability in Xoops The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules. | 5.0 |
| 2007-06-15 | CVE-2007-3237 | Remote Security vulnerability in Xoops Tinycontent Module 1.5 PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. network xoops | 6.8 |
| 2007-06-14 | CVE-2007-3221 | Remote File Include vulnerability in Xoops XT-Conteudo Module Spaw_Control.Class.PHP PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. network xoops | 6.8 |