CVE-2019-25244

Description

Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through unvalidated GET parameters.

PUBLISHED Reserved 2025-12-24 | Published 2025-12-24 | Updated 2025-12-24 | Assigner VulnCheck

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.exploit-db.com/exploits/46850 exploit

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5521.php exploit

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5522.php exploit

www.exploit-db.com/exploits/46850 (ExploitDB-46850) exploit

www.bticino.com (BTicino Official Product Homepage) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5521.php (Zero Science Lab Disclosure (ZSL-2019-5521)) third-party-advisory

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5522.php (Zero Science Lab Disclosure (ZSL-2019-5522)) third-party-advisory

cve.org (CVE-2019-25244)

nvd.nist.gov (CVE-2019-25244)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.