Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.

Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information.

SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.

PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter.

mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.

Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.

Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.