Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-36217: Release XOOPS Version 2.5.10 Final · XOOPS/XoopsCore25

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.

CVE
Open in Source
#sql#xss#vulnerability#php

This version includes numerous improvements and fixes, including:

  • PHP 7.3 compatibility
  • MySQL 8.0 compatibility
  • XMF improvements for module writers
  • Security updates
  • Updated libraries
  • and many more fixes and updates

See the changelog for more details.

Asset Checksums

SHA256 
0947834f3943b9352ae3dc21235d83593a60948092c9490a54dbe02aa95202eb  XoopsCore25-2.5.10.tar.gz
0de298a9680a7aad7627e786750ee6d0f084925f824175a59edeb7577f9cb6c6  XoopsCore25-2.5.10.zip

MD5
4765767d341826f175fd41831c49bba2  XoopsCore25-2.5.10.tar.gz
9d5f77d0b3bfeb6a75e844a42a162a92  XoopsCore25-2.5.10.zip

Individual file checksums are available in XOOPS/xfilecheck

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE