CVE-2019-16683

Name of the Vulnerable Software and Affected Versions Xoops version 2.5.10

Description An issue was discovered in the image-manager. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.

Recommendations For Xoops version 2.5.10, consider disabling JavaScript execution in the image-manager as a temporary workaround until a patch is available. Restrict access to the image-manager to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.