XOOPS/XoopsCore25

XOOPS/XoopsCore25

Releases31

Frequency3 months 3 weeks

Last Release 10 months ago

Stars73

XOOPS Core 2.5.x (current release is 2.5.11: https://github.com/XOOPS/XoopsCore25/releases)

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-36217 ↗	Aug 3, 2023Thursday, 3 August 2023, 18:15	9 CRITICAL	—
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.
CVE-2019-16683 ↗	Sep 30, 2019Monday, 30 September 2019, 16:15	4.8 MEDIUM	3.5 LOW
An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.
CVE-2019-16684 ↗	Sep 30, 2019Monday, 30 September 2019, 16:15	4.8 MEDIUM	3.5 LOW
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.
CVE-2017-12138 ↗	Aug 2, 2017Wednesday, 2 August 2017, 05:29	—	5.8 MEDIUM
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
CVE-2017-12139 ↗	Aug 2, 2017Wednesday, 2 August 2017, 05:29	—	4.3 MEDIUM
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.