| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS Vulnerability | 5 Mar 202400:00 | – | zdt | |
| CVE-2023-46344 | 3 Jan 202420:40 | – | circl | |
| Solar-Log GmbH Cross-Site Scripting Vulnerability | 2 Feb 202400:00 | – | cnnvd | |
| CVE-2023-46344 | 2 Feb 202400:00 | – | cve | |
| CVE-2023-46344 | 2 Feb 202400:00 | – | cvelist | |
| EUVD-2023-50564 | 3 Oct 202520:07 | – | euvd | |
| Solar-Log Base 15 | 29 Oct 202406:00 | – | ics | |
| CVE-2023-46344 | 2 Feb 202402:15 | – | nvd | |
| CVE-2023-46344 | 2 Feb 202402:15 | – | osv | |
| Solar-Log 200 PM+ 3.6.0 Cross Site Scripting | 5 Mar 202400:00 | – | packetstorm |
# Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel
# Date: 10-30-23
# Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security
# Vendor Homepage: https://www.solar-log.com/en/
# Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019
# Tested on: Proprietary devices: https://www.solar-log.com/en/support/firmware/
# CVE: CVE-2023-46344
# POC:
1. Go to solar panel
2. Go to configuration -> Smart Energy -> "drag & drop" button.
3. Change "name" to: <xss onmouseenter="alert(document.cookie)"
style=display:block>test</xss>
4. Once you hover over "test", you get XSS -> if a higher privileged
user hovers over it, we can get their cookies.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation