Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12139)

Description

XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.

Remediation

References

Related Vulnerabilities

Jboss Deserialization of Untrusted Data Vulnerability (CVE-2017-7504)

e107 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-50916)

WordPress Plugin Database Backup for WordPress 'edit.php' Directory Traversal (1.7)

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)

WordPress Plugin Viper's Video Quicktags Unspecified Vulnerability (6.4.4)

Severity

Medium

Classification

CVE-2017-12139 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities