← volver
CVE-2025-36748

Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X

CVSS 8.4 HIGHEPSS 0.1%CWE-79
ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L
Productos afectados
Growatt · ShineLan-X

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://csirt.divd.nl/CVE-2025-36748/