CVE-2019-12361

2019-05-27T23:29:00
ID CVE-2019-12361
Type cve
Reporter cve@mitre.org
Modified 2020-08-24T17:37:00

Description

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.