CVE-2019-25280

Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Produtos afetados

Yahei.Net · Yahei-PHP Prober

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cxsecurity.com/issue/WLB-2019070132 https://exchange.xforce.ibmcloud.com/vulnerabilities/164412 https://packetstormsecurity.com/files/153756 https://web.archive.org/web/20190623143100/http://www.yahei.net/https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php