← back
CVE-2025-36748

Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X

CVSS 8.4 HIGHEPSS 0.1%CWE-79
ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L
Affected products
Growatt · ShineLan-X

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://csirt.divd.nl/CVE-2025-36748/