CVE-2019-19908
MEDIUM NUCLEIphpMyChat-Plus 1.98 - Reflected Cross-Site Scripting via Password Reset URL Parameter
Title source: llmExploitation Summary
CVE-2019-19908 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
Nuclei Templates (1)
phpMyChat-Plus 1.98 - Cross-Site Scripting
MEDIUMVERIFIEDby madrobot
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://ciprianmp.com/
Third Party Advisory x_refsource_misc
https://sourceforge.net/projects/phpmychat/
Third Party Advisory x_refsource_misc
https://cinzinga.github.io/CVE-2019-19908/
Scores
CVSS v3
6.1
EPSS
0.2123
EPSS Percentile
97.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
ciprianmp/phpmychat-plus
1.98
Published
Dec 20, 2019
Tracked Since
Feb 18, 2026