First published: Mon Sep 30 2019
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xoops Xoops | =2.5.10 | |
The severity of CVE-2019-16684 is medium with a CVSS score of 4.8.
CVE-2019-16684 affects Xoops 2.5.10 by allowing execution of a JavaScript payload when hovering over an image with that payload as its name in the list or Edit page.
To fix CVE-2019-16684, update Xoops 2.5.10 to a patched version or apply the necessary security patches.
The Common Weakness Enumeration (CWE) ID of CVE-2019-16684 is 79.