VYPR

Xoopscore

by XOOPS

Source repositories

CVEs (4)

  • CVE-2017-12139MedAug 2, 2017
    risk 0.40cvss 6.1epss 0.01

    XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.

  • CVE-2017-12138MedAug 2, 2017
    risk 0.40cvss 6.1epss 0.03

    XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.

  • CVE-2004-1640Aug 28, 2004
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php.

  • CVE-2023-36217Aug 3, 2023
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.