Tag Archives: nirajkhatiwada.com.np

CVE-2019-16684 – Stored Cross Site Scripting

admin/ September 24, 2019/ POC/ 0 comments

A stored cross-site scripting issue was discovered in the image-manager in Xoops 2.5.10. The CVE is live at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16684. To exploit the vulnerability, someone needs to hover over the uploaded image whose name is the XSS payload, or hover over the image on the ‘Edit’ page. Proof of Concept:

CVE-2019-16683 – Stored Cross Site Scripting

admin/ September 24, 2019/ POC/ 0 comments

A stored cross-site scripting issue was discovered in the image-manager in Xoops 2.5.10. The CVE is live at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16683. To exploit the vulnerability, someone needs access to the category for managing and uploading images, and needs to hover over the category name in the breadcrumb while editing any image in that category. Proof of Concept: