CVE-2019-16684

Name of the Vulnerable Software and Affected Versions Xoops version 2.5.10

Description An issue was discovered in the image-manager. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.

Recommendations For Xoops version 2.5.10, consider disabling the image-manager functionality until a patch is available to prevent potential exploitation. Restrict access to the image-manager module to minimize the risk of payload execution. Avoid hovering over suspicious images in the list or Edit page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.