id: CVE-2019-19368 info: name: Rumpus FTP Web File Manager 8.2.9.1 XSS author: madrobot severity: medium description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts reference: - https://github.com/harshit-shukla/CVE-2019-19368/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2019-19368 cwe-id: CWE-79 tags: cve,cve2019,xss,ftp requests: - method: GET path: - "{{BaseURL}}/Login?!'>" part: body