CVE-2023-36217

Name of the Vulnerable Software and Affected Versions Xoops CMS version 2.5.10

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the category name field of the image manager function. This enables the attacker to inject malicious scripts into the website, potentially leading to unauthorized access or data theft.

Recommendations For Xoops CMS version 2.5.10, consider disabling the image manager function until a patch is available to prevent exploitation of the Cross Site Scripting issue. Restrict access to the category name field to minimize the risk of arbitrary code execution.