Vulnerability Details CVE-2019-16684
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.2%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- https://blog.nirajkhatiwada.com.np/cve-2019-16684-stored-cross-site-scripting/
- https://github.com/XOOPS/XoopsCore25/commits/master
- https://xoops.org/modules/publisher/
- https://blog.nirajkhatiwada.com.np/cve-2019-16684-stored-cross-site-scripting/
- https://github.com/XOOPS/XoopsCore25/commits/master
- https://xoops.org/modules/publisher/