CVE-2019-19908
CVE-2019-19908
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 21.2%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
20 Dec 2019Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
Affected products
n/a · n/a