CVE-2019-25323

Heatmiser Netmonitor 3.03 - HTML Injection

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 fev 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and potentially manipulate the web interface's displayed content.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Produtos afetados

Heatmiser · Heatmiser Netmonitor

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://web.archive.org/web/20190724160628/https://www.heatmiser.com/en/https://www.exploit-db.com/exploits/47828 https://www.vulncheck.com/advisories/heatmiser-netmonitor-html-injection https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf