CVE-2019-16684
Published
CVSS v3
4.8
MEDIUM
CVSS v2
3.5
LOW
Affected
1
PROJECT
Description
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.
XOOPS Core 2.5.x (current release is 2.5.11: https://github.com/XOOPS/XoopsCore25/releases)
GitHub