Vulnerabilities > Xoops > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-14 | CVE-2007-3220 | Unspecified vulnerability in Xoops Cjay Content Module 3 PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. network xoops | 6.8 |
| 2007-06-06 | CVE-2007-3057 | Module Spaw_Control.Class.PHP Remote File Include vulnerability in Xoops Icontent Module 4.5 PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. network xoops | 6.8 |
| 2006-10-26 | CVE-2006-5532 | Cross-Site Scripting vulnerability in Xoops Rmsoft Gallery System 2.0 Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. network xoops | 6.8 |
| 2006-07-06 | CVE-2006-3363 | Remote File Include vulnerability in Xoops Glossaire Module 1.7 PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter. | 5.1 |
| 2006-05-22 | CVE-2006-2516 | Path Traversal vulnerability in Xoops mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | 5.1 |
| 2006-01-13 | CVE-2006-0198 | HTML Injection vulnerability in Xoops Pool Module IMG Tag Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. network xoops | 4.3 |
| 2005-11-18 | CVE-2005-3680 | Unspecified vulnerability in Xoops 2.2.3 Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. | 6.4 |
| 2005-10-27 | CVE-2005-2338 | HTML Injection vulnerability in XOOPS Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module. network xoops | 4.3 |
| 2005-07-05 | CVE-2005-2112 | Cross-Site Scripting vulnerability in Xoops Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. network xoops | 4.3 |
| 2004-12-31 | CVE-2004-2756 | Cross-Site Scripting vulnerability in Xoops Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters. | 4.3 |