← voltar
CVE-2025-36748

Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X

CVSS 8.4 HIGHEPSS 0.1%CWE-79
ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L
Produtos afetados
Growatt · ShineLan-X

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://csirt.divd.nl/CVE-2025-36748/