CVE-2019-25323 MEDIUM

CVE-2019-25323: Heatmiser Netmonitor 3.03 - HTML Injection

Vendor Heatmiser
Product Heatmiser Netmonitor
Weakness CWE-79 · XSS
Published February 12, 2026
Last update February 13, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and potentially manipulate the web interface's displayed content.

Key dates

02Disclosure timeline

February 12, 2026 CVE published
February 13, 2026 Record updated