CVE-2019-16683

{"id": "CVE-2019-16683", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2019-09-30T16:15:11.167", "references": [{"url": "https://blog.nirajkhatiwada.com.np/cve-2019-16683-stored-cross-site-scripting/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/XOOPS/XoopsCore25/commits/master", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://xoops.org/modules/publisher/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://blog.nirajkhatiwada.com.np/cve-2019-16683-stored-cross-site-scripting/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/XOOPS/XoopsCore25/commits/master", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://xoops.org/modules/publisher/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el administrador de im\u00e1genes en Xoops versi\u00f3n 2.5.10. Cuando se desplaza la ruta de exploraci\u00f3n (breadcrumb) que muestra el nombre de la categor\u00eda sobre la edici\u00f3n de cualquier imagen, se ejecuta una carga \u00fatil de JavaScript."}], "lastModified": "2024-11-21T04:30:58.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xoops:xoops:2.5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C58EABF-44CF-4C84-9DC5-49F69872AC4C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}