CVE-2019-16683

2019-09-3015:15:23

mitre

www.cve.org

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

JSON

An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.

References

blog.nirajkhatiwada.com.np/cve-2019-16683-stored-cross-site-scripting/

github.com/XOOPS/XoopsCore25/commits/master

xoops.org/modules/publisher/