← voltar
CVE-2019-25323

Heatmiser Netmonitor 3.03 - HTML Injection

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and potentially manipulate the web interface's displayed content.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Heatmiser · Heatmiser Netmonitor

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://web.archive.org/web/20190724160628/https://www.heatmiser.com/en/https://www.exploit-db.com/exploits/47828https://www.vulncheck.com/advisories/heatmiser-netmonitor-html-injectionhttps://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf