Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-25234. PoCs published by LiquidWorm.
AI-analyzed exploit summary
This exploit demonstrates multiple CSRF and XSS vulnerabilities in Carlo Gavazzi SmartHouse Webapp 6.5.33. It includes proof-of-concept code for reflected and stored XSS attacks, as well as CSRF to manipulate temperature settings.
Description
SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious scripts into various application parameters.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N