CVE-2019-25311

Medium CVSS: 5.1

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.

Vendor

Kostasmitroglou

Product

Thesystem

CWE

CWE-79

Yayın Tarihi

2026-02-11 15:16:09

Güncelleme

2026-03-12 18:52:42

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Thesystem MEDIUM Kostasmitroglou 2026

Referanslar

https://github.com/kostasmitroglou/thesystem https://www.exploit-db.com/exploits/47440 https://www.vulncheck.com/advisories/thesystem-persistent-xss

Benzer Kayıtlar

Critical

CVE-2019-25441

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary syst…

High

CVE-2019-25346

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the…

High

CVE-2019-25347

thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating…