Description
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.
Remediation
References
Related Vulnerabilities
PHP Improper Encoding or Escaping of Output Vulnerability (CVE-2024-1874)
Rukovoditel Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-11821)
MediaWiki Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-25869)
WordPress Plugin Accept Donations with PayPal Cross-Site Scripting (1.3.1)