The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
CVSS Score
5.0
EPSS Score
0.003
Published
2010-05-07
Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.
CVSS Score
6.8
EPSS Score
0.004
Published
2006-11-08
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2002-12-31