CVE-2019-19368

MEDIUM NUCLEI

Rumpus FTP Web File Manager 8.2.9.1 - XSS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-19368. PoCs published by Harshit Shukla. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in Rumpus FTP Web File Manager 8.2.9.1. The payload is injected via the URL parameter, triggering an alert upon page load.

Description

A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts

Exploits (2)

exploitdb WORKING POC

by Harshit Shukla · textwebappsasp

https://www.exploit-db.com/exploits/47789

View Code ZIP pw:eip

This exploit demonstrates a reflected XSS vulnerability in Rumpus FTP Web File Manager 8.2.9.1. The payload is injected via the URL parameter, triggering an alert upon page load.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Rumpus FTP Web File Manager 8.2.9.1

No auth needed

Prerequisites: Access to the vulnerable login page

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

inthewild WRITEUP

poc

https://github.com/harshit-shukla/cve-2019-19368

View Code ZIP pw:eip

This repository contains detailed technical writeups for multiple CVEs affecting Rumpus FTP Web File Manager, including XSS, CSRF, and privilege escalation vulnerabilities. Each file provides descriptions, payloads, and exploitation methods without functional exploit code.

Classification

Writeup 95%

Attack Type

Xss | Csrf | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Rumpus FTP Web File Manager 8.2.9.1

No auth needed

Prerequisites: victim interaction for XSS/CSRF · crafted URLs or requests

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 23, 2026 Full analysis →

Nuclei Templates (1)

Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting

MEDIUMby madrobot

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://www.maxum.com/Rumpus/Download.html

Exploit, Third Party Advisory x_refsource_misc

https://github.com/harshit-shukla/CVE-2019-19368/

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/155719/Rumpus-FTP-Web-File-Manager-8.2.9.1-Cross-Site-Scripting.html

Scores

CVSS v3 6.1

EPSS 0.7564

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

maxum/rumpus 8.2.9.1

Published Dec 16, 2019

Tracked Since Feb 18, 2026