CVE-2019-25323

Sažetak

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and potentially manipulate the web interface's displayed content.

Reference

https://web.archive.org/web/20190724160628/https://www.heatmiser.com/en/
https://www.exploit-db.com/exploits/47828
https://www.vulncheck.com/advisories/heatmiser-netmonitor-html-injection
https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

13-02-2026 - 14:23

Objavljeno

12-02-2026 - 23:16