CVE-2019-25280
Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.
| CWE | CWE-79 |
| Vendor | yahei.net |
| Product | yahei-php prober |
| Published | Jan 7, 2026 |
| Last Updated | May 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for yahei.net yahei-php prober
Be the first to know when new medium vulnerabilities affecting yahei.net yahei-php prober are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Yahei.Net / Yahei-PHP Prober
0.4.7
References
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5531.php packetstormsecurity.com: https://packetstormsecurity.com/files/153756 cxsecurity.com: https://cxsecurity.com/issue/WLB-2019070132 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/164412 web.archive.org: https://web.archive.org/web/20190623143100/http://www.yahei.net/
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab