CVE-2021-38488
Delta Electronics DIALink vulnerable to Cross-Site Scripting (XSS) in API events: authenticated adversaries can inject arbitrary JavaScript into the comment parameter of events, potentially enabling remote code execution. Affected product: DIALink server, versions 1.2.4.0 and earlier. Root cause:...