CVE-2020-19515 PoC — qdPM 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-19515.yaml

Associated Vulnerability

Title:qdPM 跨站脚本漏洞 (CVE-2020-19515)
Description:qdPM是一款基于Web的开源项目管理工具。 qdPM 中存在跨站脚本漏洞，该漏洞源于产品qdPMinstallmodulesdatabase_config.php文件缺少对用户端数据的有效验证。攻击者可通过该漏洞执行客户端代码。以下产品及版本受到影响：qdPM V9.1。

Description

qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.

File Snapshot


 id: CVE-2020-19515

info:
  name: qdPM 9.1 - Cross-site Scripting
  author: theamanrawat
  severity:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.