Xoops : Security Vulnerabilities, CVEs, CVSS score >= 8

CVE-2023-36217

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.
Max CVSS
9.0
EPSS Score
0.23%
Published
2023-08-03
Updated
2023-08-08

CVE-2017-11174

In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.
Max CVSS
9.8
EPSS Score
0.14%
Published
2017-07-12
Updated
2017-07-27
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close