CVE-2023-36217

Published August 3rd, 2023

View on NVD ↗

CVSS v3

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.

XOOPS/XoopsCore25

XOOPS Core 2.5.x (current release is 2.5.11: https://github.com/XOOPS/XoopsCore25/releases)

GitHub