CVE-2019-25294

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions html5 snmp version 1.11

Description The software contains a persistent cross-site scripting issue. An attacker can inject malicious scripts through the Remark parameter in the add router operation.php file. By crafting a POST request with a script payload in the Remark field, an attacker can execute arbitrary JavaScript in the browsers of those who view the page. The vulnerable parameter is Remark. The affected file is add router operation.php.

Recommendations Apply a fix to the add router operation.php file to sanitize the Remark parameter and prevent the injection of malicious scripts.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-25294

Affected Products

Html5 Snmp

CVE-2019-25294

Weakness Enumeration

Related Identifiers

Affected Products

References · 5