← back
CVE-2019-25280

Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Yahei.Net · Yahei-PHP Prober

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cxsecurity.com/issue/WLB-2019070132https://exchange.xforce.ibmcloud.com/vulnerabilities/164412https://packetstormsecurity.com/files/153756https://web.archive.org/web/20190623143100/http://www.yahei.net/https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php