CVE-2019-13977

MEDIUM

Ovidentia 8.4.3 - Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-13977. PoCs published by n3k00n3.

AI-analyzed exploit summary: This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Ovidentia CMS 8.4.3. It provides specific endpoints and fields where malicious scripts can be injected, leading to arbitrary JavaScript execution in the context of the application.

Description

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.

Exploits (1)

exploitdb · WORKING POC
by n3k00n3 · text · webapps · php
https://www.exploit-db.com/exploits/47159

Classification: Working PoC (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Ovidentia CMS 8.4.3
Auth required
Prerequisites: Access to authenticated sessions · Ability to send crafted HTTP requests
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0150
EPSS Percentile: 71.1%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): ovidentia/ovidentia 8.4.3
Published: Jul 19, 2019
Tracked Since: Feb 18, 2026