{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25280", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-06T16:07:08.526Z", "datePublished": "2026-01-07T23:11:07.955Z", "dateUpdated": "2026-01-08T18:16:43.143Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-01-07T23:11:07.955Z"}, "datePublic": "2019-07-24T00:00:00.000Z", "title": "Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter", "descriptions": [{"lang": "en", "value": "Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "affected": [{"vendor": "Yahei.Net", "product": "Yahei-PHP Prober", "versions": [{"version": "0.4.7", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php", "name": "Zero Science Lab Vulnerability Advisory", "tags": ["third-party-advisory"]}, {"url": "https://packetstormsecurity.com/files/153756", "name": "Packet Storm Security Exploit Entry", "tags": ["exploit"]}, {"url": "https://cxsecurity.com/issue/WLB-2019070132", "name": "CXSecurity Vulnerability Listing", "tags": ["third-party-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164412", "name": "IBM X-Force Vulnerability Exchange", "tags": ["vdb-entry"]}, {"url": "https://web.archive.org/web/20190623143100/http://www.yahei.net/", "name": "Archived Yahei-PHP Product Homepage", "tags": ["product"]}], "credits": [{"lang": "en", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php", "tags": ["exploit"]}, {"url": "https://cxsecurity.com/issue/WLB-2019070132", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-08T15:06:46.244877Z", "id": "CVE-2019-25280", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T18:16:43.143Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter", "credits": [{"lang": "en", "type": "finder", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Yahei.Net", "product": "Yahei-PHP Prober", "versions": [{"status": "affected", "version": "0.4.7"}]}], "datePublic": "2019-07-24T00:00:00.000Z", "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php", "name": "Zero Science Lab Vulnerability Advisory", "tags": ["third-party-advisory"]}, {"url": "https://packetstormsecurity.com/files/153756", "name": "Packet Storm Security Exploit Entry", "tags": ["exploit"]}, {"url": "https://cxsecurity.com/issue/WLB-2019070132", "name": "CXSecurity Vulnerability Listing", "tags": ["third-party-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164412", "name": "IBM X-Force Vulnerability Exchange", "tags": ["vdb-entry"]}, {"url": "https://web.archive.org/web/20190623143100/http://www.yahei.net/", "name": "Archived Yahei-PHP Product Homepage", "tags": ["product"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-01-07T23:11:07.955Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25280", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-08T15:06:46.244877Z"}}}], "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php", "tags": ["exploit"]}, {"url": "https://cxsecurity.com/issue/WLB-2019070132", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-01-08T15:06:52.287Z"}}]}, "cveMetadata": {"cveId": "CVE-2019-25280", "state": "PUBLISHED", "dateUpdated": "2026-01-07T23:11:07.955Z", "dateReserved": "2026-01-06T16:07:08.526Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-01-07T23:11:07.955Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions."}], "id": "CVE-2019-25280", "lastModified": "2026-01-08T19:15:55.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-01-08T00:15:58.280", "references": [{"source": "disclosure@vulncheck.com", "url": "https://cxsecurity.com/issue/WLB-2019070132"}, {"source": "disclosure@vulncheck.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164412"}, {"source": "disclosure@vulncheck.com", "url": "https://packetstormsecurity.com/files/153756"}, {"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20190623143100/http://www.yahei.net/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://cxsecurity.com/issue/WLB-2019070132"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"created": "2026-01-08T09:48:14.163084+00:00", "updated": "2026-01-08T09:48:14.163110+00:00", "vendors": ["yahei", "yahei$PRODUCT$yahei_php_prober"]}