CVE-2019-25301 MEDIUM

CVE-2019-25301: thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting

Vendor Thrsrossi
Product Millhouse Project
Weakness CWE-79 · XSS
Published February 6, 2026
Last update February 6, 2026
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in add_comment_sql.php to execute arbitrary scripts in victim browsers.

Key dates

02Disclosure timeline

February 6, 2026 CVE published
February 6, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-43994 WordPress Kahuna theme <= 1.7.0 - Cross Site Scripting (XSS) vulnerability CVE-2021-36737 XSS in V3 Demo Portlet CVE-2026-2486 Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' CVE-2024-5612 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox and Modal Widget CVE-2024-36151 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)