Tag Archives: CVE-2019-16684

CVE-2019-16684 – Stored Cross Site Scripting

admin / September 24, 2019 / POC

A stored cross-site scripting (XSS) issue was discovered in the image-manager in Xoops 2.5.10. The CVE entry is live at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16684. To exploit the vulnerability, someone has to hover over an uploaded image whose image name is the XSS payload, or hover over the image on the ‘Edit’ page.

Proof of Concept: