CVE-2019-25323

Heatmiser Netmonitor 3.03 - HTML Injection

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 feb 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and potentially manipulate the web interface's displayed content.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Productos afectados

Heatmiser · Heatmiser Netmonitor

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://web.archive.org/web/20190724160628/https://www.heatmiser.com/en/https://www.exploit-db.com/exploits/47828 https://www.vulncheck.com/advisories/heatmiser-netmonitor-html-injection https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf