CVE-2019-16683

2019-09-3016:15:11

Google

osv.dev

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

26.1%

JSON

An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.

References

blog.nirajkhatiwada.com.np/cve-2019-16683-stored-cross-site-scripting/

github.com/XOOPS/XoopsCore25/commits/master

xoops.org/modules/publisher/