CVE-2019-12361
EmpireCMS 7.5.0 is affected by an XSS flaw reachable via the from parameter to e/member/doaction.php. The issue is demonstrated using a CSRF payload that alters the dynamic page template, with the attacker able to trigger a registered activation mail page (e/template/member/regsend.php). This sum...