CVE-2019-25323
HTML Injection in Heatmiser Netmonitor v3.03 Allows Interface Manipulation
Publication date: 2026-02-12
Last updated on: 2026-02-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| heatmiser | netmonitor | 3.03 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page. This vulnerability allows attackers to inject malicious HTML code through the outputtitle parameter by sending specially crafted POST requests. As a result, attackers can execute arbitrary HTML and potentially manipulate the content displayed on the web interface.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to inject and execute arbitrary HTML code on the affected web interface. This could lead to manipulation of the displayed content, potentially misleading users or causing unauthorized actions within the interface. Although it does not directly allow code execution beyond HTML, it may facilitate phishing, content spoofing, or other malicious activities.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know