CVE-2019-25323

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Heatmiser Netmonitor version 3.03

Description The software contains an HTML injection issue in the outputSetup.htm page. Attackers can inject malicious HTML code through the outputtitle parameter by sending specially crafted POST requests. This allows for the execution of arbitrary HTML and potential manipulation of the web interface's displayed content. The vulnerable parameter is outputtitle.

Recommendations Apply a fix to sanitize the outputtitle parameter to prevent the injection of malicious HTML code.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-25323

Affected Products

Netmonitor

CVE-2019-25323

Weakness Enumeration

Related Identifiers

Affected Products

References · 6