CVE-2019-16684 – Stored Cross Site Scripting

admin / September 24, 2019 / POC

A Stored Cross Site Scripting issue was discovered in the image-manager in Xoops 2.5.10.

The CVE entry is published at:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16684

To exploit the vulnerability, a user has to hover over an uploaded image whose image name is the XSS payload, or hover over the image on the ‘Edit’ page.
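Added example, not part of the original post and not Xoops code: a hover-triggered stored XSS through an image name usually means the stored name reaches an HTML attribute without encoding. Assuming that is the sink here (the post does not name it), the hypothetical PHP helpers below put the unencoded render next to output encoding and a save-time name check; the function names, markup, sample name and URL are all constructed.

```php
<?php
// Added illustration, not Xoops source. Assumption: the image manager prints
// the stored image name into an attribute of the <img> tag. All function
// names and the markup are hypothetical.

// Before: the stored name is concatenated into the attribute unencoded, so a
// double quote in the name ends the attribute and the rest is parsed as markup.
function render_image_unsafe(string $url, string $name): string
{
    return '<img src="' . $url . '" alt="' . $name . '" title="' . $name . '">';
}

// After: encode for the attribute context at output time. ENT_QUOTES covers
// both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead
// of returning an empty string.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_image_safe(string $url, string $name): string
{
    return '<img src="' . attr($url) . '" alt="' . attr($name)
        . '" title="' . attr($name) . '">';
}

// Defence in depth when the name is saved: restrict display names to a
// conservative character set. Output encoding is still required, because
// rows stored before such a check existed are not covered by it.
function is_valid_image_name(string $name): bool
{
    return preg_match('/\A[\p{L}\p{N} _.\-]{1,100}\z/u', $name) === 1;
}

// Constructed sample: a name that closes the attribute and adds a hover handler.
$name = 'logo" onmouseover="alert(document.domain)';
$url  = '/uploads/example.png';

// Unencoded render: the handler becomes a real attribute of the tag.
echo render_image_unsafe($url, $name), PHP_EOL;
// Encoded render: the quotes are entity-encoded and the name stays attribute text.
echo render_image_safe($url, $name), PHP_EOL;
// Save-time check rejects the constructed name and accepts an ordinary one.
var_dump(is_valid_image_name($name));
var_dump(is_valid_image_name('Team photo 2019.png'));
```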

Proof of Concept:
