Vulnerabilities > Xoops > Xoops > 2.5.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-02 | CVE-2017-12139 | Cross-site Scripting vulnerability in Xoops 2.5.8 XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. | 4.3 |
| 2017-08-02 | CVE-2017-12138 | Open Redirect vulnerability in Xoops 2.5.8 XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. | 5.8 |