CVE-2019-25234
Description
SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious scripts into various application parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Carlo Gavazzi SmartHouse Webapp versions up to 6.5.33 are vulnerable to CSRF and XSS, allowing attackers to perform unauthorized actions via crafted requests or injected scripts.
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities have been identified in the Carlo Gavazzi SmartHouse Webapp, affecting versions up to 6.5.33.17072501. The application fails to perform validity checks on HTTP requests, enabling CSRF attacks. Additionally, input passed to various GET/POST parameters is not properly sanitized before being returned to the user, leading to stored and reflected XSS vulnerabilities [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.