.. / CVE-2020-19515

Exploit for qdPM 9.1 - Cross-site Scripting (CVE-2020-19515)

Description:

qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.

Nuclei Template

View the template here CVE-2020-19515.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-19515.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-19515
https://topsecalphalab.github.io/CVE/qdPM9.1-Installer-Cross-Site-Scripting
http://qdpm.net/download-qdpm-free-project-management