CVE-2019-25284

Description

V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnerabilities by injecting malicious HTML and script code to execute arbitrary scripts in a victim's browser session.

PUBLISHED Reserved 2026-01-06 | Published 2026-01-07 | Updated 2026-01-08 | Assigner VulnCheck

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5537.php exploit

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5537.php (Zero Science Lab Vulnerability Advisory) third-party-advisory

packetstormsecurity.com/files/154631 (Packet Storm Security Exploit Entry) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/167864 (IBM X-Force Vulnerability Exchange) vdb-entry

cxsecurity.com/issue/WLB-2019090194 (CXSecurity Vulnerability Database) third-party-advisory

www.vsolcn.com/ (VSOL Vendor Homepage) product

cve.org (CVE-2019-25284)

nvd.nist.gov (CVE-2019-25284)

Download JSON