CVE-2019-25262

Published: Dec 31, 2025

Modified: Jan 2, 2026

PUBLISHED

CVSS v3.1

3.5

LOW

Description

A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is 995dd89d0e3ec5522966724be23a5d58ca1bdac3. Applying a patch is advised to resolve this issue. This vulnerability only affects products that are no longer supported by the maintainer.

Vendor	Product	Versions
elinicksic	Razgover	affected `db37dfc5c82f023a40f2f7834ded6633fb2b5262`

Weaknesses (CWE)

CWE-79

CWE-94

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

VDB-338649 | elinicksic Razgover Chat Message send.php cross site scripting

vdb-entry

technical-description

VDB-338649 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

https://github.com/elinicksic/Razgover/commit/995dd89d0e3ec5522966724be23a5d58ca1bdac3

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-25262

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References