CVE-2019-25280

Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
VulnCheckCNA
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://cxsecurity.com/issue/WLB-2019070132
https://exchange.xforce.ibmcloud.com/vulnerabilities/164412
https://packetstormsecurity.com/files/153756
https://web.archive.org/web/20190623143100/http://www.yahei.net/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php
https://cxsecurity.com/issue/WLB-2019070132
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php