Description

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.

Remediation

References

CVE-2023-36217

Related Vulnerabilities

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4220)

Internet Information Services CVE-2006-6578 Vulnerability (CVE-2006-6578)

WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0)

Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2011-2487)

Atlassian Confluence CVE-2023-22503 Vulnerability (CVE-2023-22503)

Severity

Critical

Classification

CVE-2023-36217 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities