Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "2.5.10"
}
]
}