CVE-2019-16683

CVE-2019-16683

EPSS 1.0%

An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.nirajkhatiwada.com.np/cve-2019-16683-stored-cross-site-scripting/https://github.com/XOOPS/XoopsCore25/commits/master https://xoops.org/modules/publisher/