CVE-2019-25233

EIP tracks 1 public exploit for CVE-2019-25233. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates CSRF and XSS vulnerabilities in AVE DOMINAplus 1.10.x. It includes proof-of-concept HTML forms and HTTP requests to exploit these vulnerabilities, such as enabling/disabling alarms and injecting malicious scripts.

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser sessions.