MidnightBSD

Advisories for xoops

CVE-2002-0216 MEDIUM

userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops 1.0_rc1
CVE-2002-0217 HIGH

Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops 1.0_rc1
CVE-2002-1802 MEDIUM

Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops 1.0_rc3
CVE-2002-2386 MEDIUM

Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xoops xoops 1.0_rc3
CVE-2002-2391 HIGH

SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
webchat.org webchat 1.5
xoops xoops 1.0
CVE-2003-1453 MEDIUM

Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xoops xoops 1.3.7
xoops xoops 1.3.8
xoops xoops 1.3.9
xoops xoops 2.0.1
xoops xoops 1.3.6
xoops xoops 2.0
xoops xoops 1.3.5
CVE-2003-1550 MEDIUM

XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
xoops xoops *
CVE-2004-2756 MEDIUM

Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xoops xoops 2.0.5.1
xoops xoops 2.0.1
xoops xoops 2.0.2
xoops xoops 2.0.5
xoops xoops 2.0.5.2
xoops xoops 2.0.3
xoops xoops 2.0
CVE-2005-0743 HIGH

The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops 2.0.5.1
xoops xoops 1.0_rc3
xoops xoops 2.0.1
xoops xoops 2.0.2
xoops xoops 2.0.5
xoops xoops 2.0.5.2
xoops xoops 1.3.6
xoops xoops 2.0.3
xoops xoops 2.0
xoops xoops 1.3.5
xoops xoops 1.3.7
xoops xoops 2.0.9.2
xoops xoops 1.0_rc3.0.5
xoops xoops 1.0_rc1
xoops xoops 1.3.8
xoops xoops 1.3.9
xoops xoops 1.3.10
CVE-2005-2112 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops 2.0.5.1
xoops xoops 2.0.9
xoops xoops 2.0.4
xoops xoops 2.0.1
xoops xoops 2.0.2
xoops xoops 2.0.6
xoops xoops 2.0.5
xoops xoops 2.0.5.2
xoops xoops 2.0.3
xoops xoops 2.0
xoops xoops 2.0.7
xoops xoops 2.0.9.2
xoops xoops 2.0.11
xoops xoops 2.0.9.3
xoops xoops 2.0.10
CVE-2005-2113 HIGH

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops 2.0.5.1
xoops xoops 2.0.9
xoops xoops 2.0.4
xoops xoops 2.0.1
xoops xoops 2.0.2
xoops xoops 2.0.6
xoops xoops 2.0.5
xoops xoops 2.0.5.2
xoops xoops 2.0.3
xoops xoops 2.0
xoops xoops 2.0.7
xoops xoops 2.0.9.2
xoops xoops 2.0.11
xoops xoops 2.0.9.3
xoops xoops 2.0.10
CVE-2005-2338 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops *
CVE-2005-3680 MEDIUM

Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops 2.2.3
CVE-2005-3681 HIGH

SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops wf-downloads 2.05
CVE-2006-0198 MEDIUM

Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops_pool_module *
CVE-2006-2516 MEDIUM

mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
xoops xoops 2.0.5.1
xoops xoops 2.0.9
xoops xoops *
xoops xoops 2.0.4
xoops xoops 2.0.1
xoops xoops 2.0.2
xoops xoops 2.0.6
xoops xoops 2.0.12_jp
xoops xoops 2.0.5
xoops xoops 2.0.5.2
xoops xoops 2.0.3
xoops xoops 2.0.13.1
xoops xoops 2.0
xoops xoops 2.0.7
xoops xoops 2.0.9.2
xoops xoops 2.0.11
xoops xoops 2.0.9.3
xoops xoops 2.0.10
CVE-2006-3363 MEDIUM

PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops_glossaire_module 1.7
CVE-2006-5810 MEDIUM

Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops 1.0
CVE-2007-1976 HIGH

PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xoops xoops_virii_info_module *
CVE-2009-2783 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xoops xoops 2.3.3
CVE-2009-4851 MEDIUM

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
xoops xoops 2.0.0_rc2
xoops xoops 2.4.0_beta_2
xoops xoops 1.0_rc3
xoops xoops 2.0.1
xoops xoops 2.0.6
xoops xoops 2.0.13
xoops xoops 1.0
xoops xoops 2.3.0_alpha2
xoops xoops 1.3.6
xoops xoops 2.0.3
xoops xoops 2.3.3
xoops xoops 2.0.12a
xoops xoops 2.0.7.2
xoops xoops 2.0.0_rc1
xoops xoops 2.0.13.2
xoops xoops 2.0.7.1
xoops xoops 2.3.2b
xoops xoops 2.4.0_rc
xoops xoops 2.0.17
xoops xoops *
xoops xoops 2.0.2
xoops xoops 2.0.5.2
xoops xoops 2.0.13.1
xoops xoops 2.0.16
xoops xoops 2.0.9.2
xoops xoops 2.0.12
xoops xoops 1.0_rc3.0.5
xoops xoops 1.0_rc1
xoops xoops 1.3.9
xoops xoops 2.4.0_beta_1
xoops xoops 2.3.0_beta
xoops xoops 2.0.14
xoops xoops 2.3.0_alpha_3
xoops xoops 2.0.5.1
xoops xoops 2.0.15
xoops xoops 2.3.1_rc
xoops xoops 2.3.0_rc3
xoops xoops 2.0.4
xoops xoops 2.0.0
xoops xoops 1.3.5
xoops xoops 2.0.0_rc3
xoops xoops 1.3.7
xoops xoops 1.3.8
xoops xoops 2.3.2a
xoops xoops 2.0.9.3
xoops xoops 2.0.7.3
xoops xoops 1.3.10
xoops xoops 2.0.10
xoops xoops 2.0.10_rc
xoops xoops 2.0.18.1
xoops xoops 2.3.0_rc2
xoops xoops 2.0.17.1
xoops xoops 2.3.1
xoops xoops 2.0.18
xoops xoops 2.0.9
xoops xoops 2.0.14-rc1
xoops xoops 2.3.0
xoops xoops 2.0.7
xoops xoops 2.3.0_rc
xoops xoops 2.0.11
xoops xoops 2.0.5_rc
xoops xoops 2.3.0_alpha1
CVE-2011-3822 MEDIUM

XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
xoops xoops 2.5.0
CVE-2011-4565 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xoops xoops 2.0.15
xoops xoops 2.4.0
xoops xoops 2.5.1
xoops xoops 2.3.3b
xoops xoops 2.3.3
xoops xoops 2.5.0
xoops xoops 2.4.2
xoops xoops 2.4.3
xoops xoops 2.0.13.2
xoops xoops 2.3.2a
xoops xoops 2.4.1
xoops xoops 2.3.2b
xoops xoops 2.0.18.1
xoops xoops 2.0.17.1
xoops xoops 2.0.17
xoops xoops 2.3.1
xoops xoops 2.4.4
xoops xoops 2.0.18
xoops xoops *
xoops xoops 2.0.18.2
xoops xoops 2.0.2
xoops xoops 2.0.16
xoops xoops 2.3.0
xoops xoops 2.4.5
xoops xoops 2.0.14
CVE-2014-3935 HIGH

SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
xoops glossaire_module 1.0
CVE-2014-8999 MEDIUM

SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
xoops xoops *
CVE-2017-11174 HIGH

In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
xoops xoops 2.5.8.1
CVE-2017-12138 MEDIUM

XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
xoops xoops 2.5.8
CVE-2017-12139 MEDIUM

XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xoops xoops 2.5.8
CVE-2017-7290 MEDIUM

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
xoops xoops 2.5.7.2
xoops xoops 2.5.8.1
xoops xoops 2.5.7.3
CVE-2017-7944 MEDIUM

XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xoops xoops 2.5.8.1
CVE-2019-16683 LOW

An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xoops xoops 2.5.10
CVE-2019-16684 LOW

An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xoops xoops 2.5.10
CVE-2023-36217

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.

Products Affected

Vendor Product Version
xoops xoops 2.5.10