← volver
CVE-2019-25280

Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Productos afectados
Yahei.Net · Yahei-PHP Prober

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cxsecurity.com/issue/WLB-2019070132https://exchange.xforce.ibmcloud.com/vulnerabilities/164412https://packetstormsecurity.com/files/153756https://web.archive.org/web/20190623143100/http://www.yahei.net/https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php