CVE-2019-25311

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.
Configurations

Configuration 1

cpe:2.3:a:kostasmitroglou:thesystem:1.0.0:*:*:*:*:*:*:*

History

12 Mar 2026, 18:52

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:kostasmitroglou:thesystem:1.0.0:*:*:*:*:*:*:*
Summary | | (es) Version 1.0 of thesystem contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in the operating_system, system_owner, system_username, system_password, system_description and server_name parameters to execute arbitrary JavaScript in victims' browsers.
First Time | | Kostasmitroglou thesystem; Kostasmitroglou
References | https://github.com/kostasmitroglou/thesystem | https://github.com/kostasmitroglou/thesystem - Product
References | https://www.exploit-db.com/exploits/47440 | https://www.exploit-db.com/exploits/47440 - Exploit, Third Party Advisory, VDB Entry
References | https://www.vulncheck.com/advisories/thesystem-persistent-xss | https://www.vulncheck.com/advisories/thesystem-persistent-xss - Third Party Advisory

11 Feb 2026, 15:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-02-11 15:16

Updated : 2026-03-12 18:52


NVD link : CVE-2019-25311

Mitre link : CVE-2019-25311

CVE.ORG link : CVE-2019-25311



Products Affected

kostasmitroglou

  • thesystem
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')