This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Xoops
Product: Xoops
Version: 2.4.3
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2011-11-28
Last view: 2014-11-20

CPE Product: cpe:2.3:a:xoops:xoops

Activity : Overall

Related : CVE

Score Date Alert Description
6.5 2014-11-20 CVE-2014-8999

SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.

4.3 2014-09-11 CVE-2012-0984

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.

4.3 2011-11-28 CVE-2011-4565

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.

CWE : Common Weakness Enumeration

% id Name
66% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
33% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...

Open Source Vulnerability Database (OSVDB)

id Description
76110 Xoops pmlite.php message Parameter [img] BBCode Tag XSS
76109 Xoops include/formdhtmltextarea_preview.php text Parameter XSS

ExploitDB Exploits

id Description
18753 XOOPS 2.5.4 Multiple XSS Vulnerabilities

OpenVAS Exploits

id Description
2011-12-05 Name : XOOPS 'text' and 'message' Parameter Cross-Site Scripting Vulnerabilities
File : nvt/gb_xoops_text_param_mult_xss_vuln.nasl