CVE-2019-25323

MEDIUM

Heatmiser Netmonitor 3.03 - HTML Injection via outputtitle Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25323. PoCs published by Ismail Tasdelen.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Heatmiser Netmonitor 3.03 via the outputtitle parameter in a POST request to outputSetup.htm. The payload injects a marquee tag, confirming the vulnerability.

Description

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and potentially manipulate the web interface's displayed content.

Exploits (1)

exploitdb WORKING POC

by Ismail Tasdelen · textwebappshardware

https://www.exploit-db.com/exploits/47828

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in Heatmiser Netmonitor 3.03 via the outputtitle parameter in a POST request to outputSetup.htm. The payload injects a marquee tag, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Heatmiser Netmonitor v3.03

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/47828

Various Sources product

https://web.archive.org/web/20190724160628/https://www.heatmiser.com/en/

Various Sources product

https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/heatmiser-netmonitor-html-injection

Scores

CVSS v3 6.1

EPSS 0.0022

EPSS Percentile 12.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Heatmiser/Heatmiser Netmonitor 3.03

Published Feb 12, 2026

Tracked Since Feb 18, 2026