Vulnerabilities > Xoops > Xoops > 2.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-11-28 | CVE-2011-4565 | Cross-Site Scripting vulnerability in Xoops Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). | 4.3 |
2010-05-07 | CVE-2009-4851 | Permissions, Privileges, and Access Controls vulnerability in Xoops The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php. | 5.0 |
2009-11-17 | CVE-2009-3963 | Multiple Unspecified vulnerability in XOOPS Versions Prior to 2.4.0 Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors. | 7.5 |
2009-07-31 | CVE-2008-6885 | Cross-Site Scripting vulnerability in Xoops 2.3.1/2.3.2A Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message. | 4.3 |
2009-07-31 | CVE-2008-6884 | Path Traversal vulnerability in Xoops 2.3.1 Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |