CVE-2019-25233

MEDIUM

AVE DOMINAplus <1.10.x - XSS, CSRF

Title source: llm

Description

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser sessions.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/47821

View Code ZIP pw:eip

References (4)

[Various Sources] https://www.ave.it

[Various Sources] https://www.domoticaplus.it

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5547.php

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47821

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 8.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-352 CWE-79

Status draft

Timeline

Published Dec 24, 2025

Tracked Since Feb 18, 2026