CVE-2019-25294 MEDIUM

CVE-2019-25294: html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting

Vendor Lolypop55

Product html5_snmp

Weakness CWE-79 · XSS

Published February 6, 2026

Last update March 2, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victim browsers when the page is loaded.

Key dates

02Disclosure timeline

February 6, 2026 CVE published

March 2, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25294 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-31744 WordPress Lightweight and Responsive Youtube Embed plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability CVE-2025-62700 Stored XSS through a system message in MultiBoilerplate CVE-2026-1910 UpMenu <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute CVE-2024-5038 Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-5567 Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File