CVE-2019-25233

MEDIUM

AVE DOMINAplus <1.10.x - XSS, CSRF

Title source: llm

Description

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in a user's browser session.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · hardware
https://www.exploit-db.com/exploits/47821

Scores

CVSS v3 5.3
EPSS 0.0004
EPSS Percentile 11.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352 CWE-79
Status published
Products (1)
AVE S.p.A./DOMINAplus Web Server Code 53AB-WBS - 1.10.62
Published Dec 24, 2025
Tracked Since Feb 18, 2026