CVE-2019-8390

MEDIUM NUCLEI

Qdpm - XSS

Title source: rule

qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.

exploitdb WORKING POC

by Mehmet EMIROGLU · textwebappsphp

qdPM 9.1 - Cross-site Scripting

MEDIUMVERIFIEDby theamanrawat

Shodan: http.favicon.hash:762074255

FOFA: icon_hash=762074255

CVSS v3 6.1

EPSS 0.0194

EPSS Percentile 83.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Status published

Products (1)

qdpm/qdpm 9.1

Published May 14, 2019

Tracked Since Feb 18, 2026