CVE-2019-14228

EPSS 0.11% · P29 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-14228

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF protection on the admin/includes/adminprocess.php endpoint, an attacker is able to chain the XSS with CSRF in order to cause remote exploitation.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Xavier PHP Management Panel 跨站请求伪造漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Xavier PHP Management Panel是一套网站用户管理系统。 Xavier PHP Management Panel 3.0版本中存在跨站请求伪造漏洞。该漏洞源于WEB应用未充分验证请求是否来自可信用户。攻击者可利用该漏洞通过受影响客户端向服务器发送非预期的请求。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2019-14228

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-14228

请登录查看更多情报信息。

https://m-q-t.github.io/notes/xavier-csrf-to-xss-takeover/x_refsource_MISC
https://codecanyon.net/item/xavier-php-login-script-user-management/9146226x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2019-14228

Same Patch Batch · n/a · 2019-07-26 · 29 CVEs total

CVE-2019-13955		MikroTik RouterOS 资源管理错误漏洞
CVE-2019-13588		Wikindx 跨站脚本漏洞
CVE-2019-10267		Ahsay Systems Cloud Backup Suite 代码问题漏洞
CVE-2019-10266		Ahsay Systems Cloud Backup Suite 代码问题漏洞
CVE-2019-10265		Ahsay Systems Cloud Backup Suite 路径遍历漏洞
CVE-2019-10264		Ahsay Systems Cloud Backup Suite 代码问题漏洞
CVE-2019-10263		Ahsay Systems Cloud Backup Suite 跨站脚本漏洞
CVE-2019-13565		OpenLDAP 授权问题漏洞
CVE-2019-13382		TechSmith SnagIT 权限许可和访问控制问题漏洞
CVE-2019-14284		Linux kernel 数字错误漏洞
CVE-2019-14283		Linux kernel 输入验证错误漏洞
CVE-2019-13638		GNU patch 操作系统命令注入漏洞
CVE-2019-13057		OpenLDAP 授权问题漏洞
CVE-2019-13954		MikroTik RouterOS 资源管理错误漏洞
CVE-2019-13990		Terracotta Quartz Scheduler 代码问题漏洞
CVE-2019-13387		CentOS Web Panel 跨站脚本漏洞
CVE-2019-13386		CentOS Web Panel 权限许可和访问控制问题漏洞
CVE-2019-13385		Control Web Panel CentOS Web Panel 路径遍历漏洞
CVE-2018-20857		Zendesk Samlr 输入验证错误漏洞
CVE-2018-20856		Linux kernel 资源管理错误漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2019-14228

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2019-14228

I. Basic Information for CVE-2019-14228

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-14228

III. Intelligence Information for CVE-2019-14228

Same Patch Batch · n/a · 2019-07-26 · 29 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2019-14228

Leave a comment