XSS and CSRF Vulnerability in PHPMyWind 5.5 via GetQQ Function
CVE-2019-7402 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.
Learn more about our Web Application Penetration Testing UK.