VYPR
Medium severity6.1NVD Advisory· Published Feb 22, 2019· Updated Jun 17, 2026

CVE-2019-9016

CVE-2019-9016

Description

An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI.

Affected products

2
  • Mopcms/Mopcmsinferred2 versions
    <= 2018-11-30+ 1 more
    • (no CPE)range: <= 2018-11-30
    • (no CPE)range: <=2018-11-30

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.