CVE-2019-25280
MEDIUM 6.1
Description
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to inject arbitrary HTML through the 'speed' GET parameter. Attackers can supply malicious HTML in the 'speed' parameter of prober.php to trigger cross-site scripting in a user's browser session.
CVE Details
CVSS v3.1 Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Published: 1/8/2026
Last Modified: 1/8/2026
Source: nvd
Honeypot Sightings: 0
Weaknesses (CWE)
CWE-79
References
https://cxsecurity.com/issue/WLB-2019070132 (disclosure@vulncheck.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/164412 (disclosure@vulncheck.com)
https://packetstormsecurity.com/files/153756 (disclosure@vulncheck.com)
https://web.archive.org/web/20190623143100/http://www.yahei.net/ (disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php (disclosure@vulncheck.com)
https://cxsecurity.com/issue/WLB-2019070132 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.