Xoops : Security Vulnerabilities, CVEs, Published In 2014
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.
Max CVSS
6.5
EPSS Score
0.11%
Published
2014-11-20
Updated
2014-11-24
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2014-06-02
Updated
2014-06-03
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.
Max CVSS
4.3
EPSS Score
1.92%
Published
2014-09-11
Updated
2017-08-29
3 vulnerabilities found