Primary

Context

Yahei-PHP Prober Remote HTML Injection Vulnerability Allowing Cross-Site Scripting

Vulnerability

A remote HTML injection vulnerability has been identified in Yahei-PHP Prober version 0.4.7. This vulnerability allows attackers to execute arbitrary HTML code by injecting it into the 'speed' GET parameter of the 'prober.php' script. The injected HTML is executed in the context of the user's browser session on the affected site, leading to cross-site scripting (XSS).

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's browser session on the affected site.

Reproduction

To reproduce this vulnerability, send a request to 'prober.php' with a crafted 'speed' parameter that includes the desired HTML injection, such as a marquee tag. This can be done using a web browser or a tool like curl or Postman.

Added: Jan 8, 2026, 12:30 AM

Updated: Jan 8, 2026, 12:30 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.7

exploitability

7.4

remediation

0.0

relevance

1.9

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.7

exploitability

7.4

remediation

0.0

relevance

1.9

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Yahei-PHP Prober Remote HTML Injection Vulnerability Allowing Cross-Site Scripting

Vulnerability

Impact

Reproduction

Affected Products

Yahei-PHP Prober

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating