CVE-2019-25233 MEDIUM

CVE-2019-25233: AVE DOMINAplus 1.10.x Cross-Site Request Forgery and XSS Vulnerabilities

Vendor Ave S.p.a.
Product DOMINAplus
Weakness CWE-79 · XSS
Published December 24, 2025
Last update December 24, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser sessions.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-46894 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2026-11569 Quay: quay: stored xss via filedrop svg upload CVE-2025-46956 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2024-13731 Alert Box Block – Display notice/alerts in the front end <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block CVE-2023-3726 OCSInventory-ocsreports 2.12.0 - Stored cross-site Scripting