CVE-2019-25294
Persistent XSS in html5_snmp add_router_operation.php Remark Parameter
Publication date: 2026-02-06
Last updated on: 2026-03-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lolypop55 | html5_snmp | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "This vulnerability is a persistent Cross-Site Scripting (XSS) issue found in html5_snmp version 1.11. It occurs because the 'Remark' parameter in the add_router_operation.php file does not properly sanitize or escape user input."}, {'type': 'paragraph', 'content': "An attacker can send a crafted POST request containing malicious JavaScript code in the 'Remark' field. This malicious script is then stored persistently on the server and executed in the browsers of users who view the affected page."}, {'type': 'paragraph', 'content': "As a result, arbitrary JavaScript runs in the context of the victim's browser, which can lead to various malicious actions."}] [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript code in your browser when you visit the affected page.
- Attackers could hijack user sessions.
- It may lead to defacement of the web application.
- Other malicious actions could be performed, such as stealing sensitive information or manipulating the user interface.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by monitoring for POST requests sent to the endpoint /add_router_operation.php that contain suspicious script tags or JavaScript payloads in the 'Remark' parameter."}, {'type': 'list_item', 'content': 'Use network traffic inspection tools (e.g., Wireshark or tcpdump) to capture POST requests targeting /add_router_operation.php.'}, {'type': 'list_item', 'content': "Search web server logs for POST requests with the 'Remark' parameter containing script tags, for example using grep:"}, {'type': 'list_item', 'content': "grep -i 'Remark=.*<script>' /path/to/webserver/logs/access.log"}, {'type': 'list_item', 'content': 'Use curl or similar tools to test the endpoint by sending a crafted POST request with a script payload in the Remark field, for example:'}, {'type': 'list_item', 'content': 'curl -X POST -d \'Remark=<script>alert("test5");</script>\' http://targetsite/add_router_operation.php'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include sanitizing and validating all user inputs, especially the 'Remark' parameter, to prevent injection of malicious scripts."}, {'type': 'paragraph', 'content': 'If possible, apply patches or updates from the software vendor or source repository to fix the vulnerability.'}, {'type': 'paragraph', 'content': 'As a temporary measure, restrict access to the vulnerable endpoint /add_router_operation.php to trusted users only.'}, {'type': 'paragraph', 'content': 'Implement Content Security Policy (CSP) headers to reduce the impact of any injected scripts.'}, {'type': 'paragraph', 'content': 'Monitor logs and network traffic for suspicious activity related to this vulnerability.'}] [1]