Description
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.
Remediation
References
Related Vulnerabilities
Apache HTTP Server CVE-2004-0751 Vulnerability (CVE-2004-0751)
WordPress Plugin NewStatPress Multiple Vulnerabilities (1.0.4)
Seo Panel Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-22648)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10353)
WordPress Plugin Mailtree Log Mail Cross-Site Scripting (1.0.0)