CVE-2019-16683

Опубликовано: 30 сент. 2019

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.

Ссылки

https://blog.nirajkhatiwada.com.np/cve-2019-16683-stored-cross-site-scripting/
Exploit
Third Party Advisory
https://github.com/XOOPS/XoopsCore25/commits/master
Patch
Third Party Advisory
https://xoops.org/modules/publisher/
Vendor Advisory
https://blog.nirajkhatiwada.com.np/cve-2019-16683-stored-cross-site-scripting/
Exploit
Third Party Advisory
https://github.com/XOOPS/XoopsCore25/commits/master
Patch
Third Party Advisory
https://xoops.org/modules/publisher/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xoops:xoops:2.5.10:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00389

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fqrf-77gm-wg2v