First published: Mon Sep 30 2019
An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xoops Xoops | =2.5.10 | |
CVE-2019-16683 is an issue discovered in the image-manager in Xoops 2.5.10, where a JavaScript payload executes when the breadcrumb showing the category name is hovered over while editing any image.
The severity of CVE-2019-16683 is medium, with a severity score of 4.8.
Xoops version 2.5.10 is affected by CVE-2019-16683.
To fix CVE-2019-16683, apply the latest patch or upgrade to a newer version of Xoops.
You can find more information about CVE-2019-16683 at the following references: [1](https://blog.nirajkhatiwada.com.np/cve-2019-16683-stored-cross-site-scripting/), [2](https://github.com/XOOPS/XoopsCore25/commits/master), [3](https://xoops.org/modules/publisher/)