CVE-2009-2783 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2783): Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.
It's hardmasked, but you still might want to fix this. ;)
CVE-2009-3963 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3963): Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors.
Since maintainers are not active and there is no major interest in the package (no users cc'd on the bugs), I have marked this package for removal: +# Alex Legler <a3li@gentoo.org> (23 Nov 2009) +# [Security] Masked for removal, bug 285020 +www-apps/xoops + Treecleaners, all yours.
Package is gone from the tree.