Tag Archives: CVE-2019-16683

CVE-2019-16683 – Stored Cross Site Scripting

admin/ September 24, 2019/ POC/ 0 comments

A Stored Cross Site Scripting issue was discovered in the image-manager in Xoops 2.5.10 The CVE is live at, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16683 To exploit the vulnerability, someone needed to have access to the category for managing and uploading images and needs to hover over the breadcrumb of category name while editing any image in the category. Proof of Concept: