CVE-2019-16683 – Stored Cross Site Scripting
A Stored Cross Site Scripting issue was discovered in the image-manager in Xoops 2.5.10
The CVE is live at,
To exploit the vulnerability, someone needed to have access to the category for managing and uploading images and needs to hover over the breadcrumb of category name while editing any image in the category.
Proof of Concept: