Skip to main content
CVE-2019-12362 MEDIUM POC This Month

EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Empirecms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12361 MEDIUM POC This Month

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Empirecms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2019-12360 HIGH This Week

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.0
7.1
EPSS
1.1%
CVE-2019-12345 MEDIUM This Month

XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Hostel
NVD
CVSS 3.0
6.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy