.. / CVE-2019-19908

Exploit for phpMyChat-Plus 1.98 - Cross-Site Scripting (CVE-2019-19908)

Description:

phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.

Nuclei Template

View the template here CVE-2019-19908.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-19908.yaml
Copy

References:

http://ciprianmp.com/
https://github.com/ARPSyndicate/kenzer-templates
https://cinzinga.github.io/CVE-2019-19908/
https://sourceforge.net/projects/phpmychat/
https://nvd.nist.gov/vuln/detail/CVE-2019-19908