CVE-2019-25323

MEDIUM

Heatmiser Netmonitor v3.03 - XSS

Title source: llm

Description

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and potentially manipulate the web interface's displayed content.

Exploits (1)

exploitdb WORKING POC

by Ismail Tasdelen · textwebappshardware

https://www.exploit-db.com/exploits/47828

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47828

[Various Sources] https://web.archive.org/web/20190724160628/https://www.heatmiser.com/en/

[Various Sources] https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf

[Third Party Advisory] https://www.vulncheck.com/advisories/heatmiser-netmonitor-html-injection

Scores

CVSS v3 6.1

EPSS 0.0004

EPSS Percentile 12.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Heatmiser/Heatmiser Netmonitor 3.03

Published Feb 12, 2026

Tracked Since Feb 18, 2026