Описание
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-25280
- https://cxsecurity.com/issue/WLB-2019070132
- https://exchange.xforce.ibmcloud.com/vulnerabilities/164412
- https://packetstormsecurity.com/files/153756
- https://web.archive.org/web/20190623143100/http://www.yahei.net
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php
Связанные уязвимости
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.