{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2019-25280","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-01-06T16:07:08.526Z","datePublished":"2026-01-07T23:11:07.955Z","dateUpdated":"2026-01-08T18:16:43.143Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-01-07T23:11:07.955Z"},"datePublic":"2019-07-24T00:00:00.000Z","title":"Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter","descriptions":[{"lang":"en","value":"Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79","type":"CWE"}]}],"affected":[{"vendor":"Yahei.Net","product":"Yahei-PHP Prober","versions":[{"version":"0.4.7","status":"affected"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.1,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php","name":"Zero Science Lab Vulnerability Advisory","tags":["third-party-advisory"]},{"url":"https://packetstormsecurity.com/files/153756","name":"Packet Storm Security Exploit Entry","tags":["exploit"]},{"url":"https://cxsecurity.com/issue/WLB-2019070132","name":"CXSecurity Vulnerability Listing","tags":["third-party-advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/164412","name":"IBM X-Force Vulnerability Exchange","tags":["vdb-entry"]},{"url":"https://web.archive.org/web/20190623143100/http://www.yahei.net/","name":"Archived Yahei-PHP Product Homepage","tags":["product"]}],"credits":[{"lang":"en","value":"LiquidWorm as Gjoko Krstic of Zero Science Lab","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"references":[{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php","tags":["exploit"]},{"url":"https://cxsecurity.com/issue/WLB-2019070132","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-08T15:06:46.244877Z","id":"CVE-2019-25280","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-08T18:16:43.143Z"}}]}}