Security Advisory

CVE-2019-12361

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-05-27 22:49:57

Last updated 2024-08-04 23:17:39

Assigner mitre

State PUBLISHED

Description

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.

← Browse all CVEs View on cve.org ↗