Primary

Context

Heatmiser Netmonitor HTML Injection Vulnerability

Vulnerability

A HTML injection vulnerability has been identified in Heatmiser Netmonitor version 3.03. The issue resides in the outputSetup.htm page, where the outputtitle parameter can be exploited to inject malicious HTML. By sending specially crafted POST requests that include harmful HTML code in the outputtitle parameter, attackers can manipulate the content displayed on the web interface.

Impact

Exploitation of this vulnerability allows for HTML injection, which could be used to execute scripts or manipulate the web interface's content.

Reproduction

To reproduce this vulnerability, send a POST request to the outputSetup.htm page with the outputtitle parameter containing the injected HTML. The injected HTML will be executed and can alter the content displayed on the web interface.

Added: Feb 12, 2026, 11:31 PM

Updated: Feb 12, 2026, 11:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.6

remediation

0.0

relevance

3.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.6

remediation

0.0

relevance

3.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Heatmiser Netmonitor HTML Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating