CVE-2019-25280

medium

Description

Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php

https://web.archive.org/web/20190623143100/http://www.yahei.net/

https://packetstormsecurity.com/files/153756

https://exchange.xforce.ibmcloud.com/vulnerabilities/164412

https://cxsecurity.com/issue/WLB-2019070132

Details

Source: Mitre, NVD

Published: 2026-01-08

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Severity: Medium

EPSS

EPSS: 0.00041