CVE-2019-11504

MEDIUM

Zotonic < 0.47.0 - Cross-Site Scripting in mod_admin

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-11504. PoCs published by Ramòn Janssen.

AI-analyzed exploit summary: This is a writeup describing a reflected XSS vulnerability in Zotonic's admin module. It details affected URLs, parameters, and the vulnerable source code files, but does not include executable exploit code.

Description

Zotonic before version 0.47 has mod_admin XSS.

Exploits (1)

exploitdb WRITEUP
by Ramòn Janssen · text · webapps · multiple
https://www.exploit-db.com/exploits/46788

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Zotonic <=0.46
Auth required
Prerequisites: Authenticated admin user · Victim must visit crafted URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46788/

Scores

CVSS v3 4.8
EPSS 0.0253
EPSS Percentile 82.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
zotonic/zotonic < 0.47.0
Published Apr 24, 2019
Tracked Since Feb 18, 2026