Unrated severityNVD Advisory· Published May 27, 2019· Updated Aug 4, 2024

CVE-2019-12361

Description

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.

Affected products

EmpireCMS/EmpireCMSdescription
Empire CMS/Empire CMSllm-fuzzy
Range: =7.5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/coolboy0816/audit/issues/3mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000