.. / CVE-2019-8390

Exploit for qdPM 9.1 - Cross-site Scripting (CVE-2019-8390)

Description:

qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.

Nuclei Template

View the template here CVE-2019-8390.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-8390.yaml
Copy

References:

https://github.com/ARPSyndicate/cvemon
http://sourceforge.net/projects/qdpm
https://www.exploit-db.com/exploits/46399/
https://nvd.nist.gov/vuln/detail/CVE-2019-8390
http://qdpm.net/download-qdpm-free-project-management