Description
An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.
Remediation
References