23 matches found
CVE-2025-36750
ShineLan-X contains a stored cross-site scripting (XSS) vulnerability in the Plant Name field. An HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...
EUVD-2025-203254
ShineLan-X contains a stored cross-site scripting (XSS) vulnerability in the Plant Name field. An HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...
CVE-2025-36750
ShineLan-X contains a stored cross-site scripting (XSS) vulnerability in the Plant Name field. An HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...
CVE-2025-36750 Stored cross-site scripting (XSS) vulnerability in Growatt ShineLan-X
ShineLan-X contains a stored cross-site scripting (XSS) vulnerability in the Plant Name field. An HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...
CVE-2025-36750 Stored cross-site scripting (XSS) vulnerability in Growatt ShineLan-X
ShineLan-X contains a stored cross-site scripting (XSS) vulnerability in the Plant Name field. An HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...
CVE-2025-36750
Summary: CVE-2025-36750 affects ShineLan-X (Growatt ShineLan-X) with a stored XSS in the Plant Name field. The vulnerability allows a malicious HTML payload to be stored and later displayed on the plant management page, potentially causing a legitimate user’s browser to execute arbitrary JavaScri...
PT-2025-51099
ShineLan-X contains a stored cross-site scripting (XSS) vulnerability in the Plant Name field. An HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...
Growatt ShineLan-X Security Vulnerability
Growatt ShineLan-X is a data logger for photovoltaic inverters from Growatt China. A security vulnerability exists in Growatt ShineLan-X that stems from a stored cross-site scripting vulnerability in the Plant Name field that could lead to the execution of malicious code...
EUVD-2025-11089
Malicious code in bioql PyPI...
EUVD-2025-11010
Malicious code in bioql PyPI...
CVE-2025-31949
An authenticated attacker can obtain any plant name by knowing the plant ID...
CVE-2025-30511
An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...
CVE-2025-31949
An authenticated attacker can obtain any plant name by knowing the plant ID...
CVE-2025-31949
An authenticated attacker can obtain any plant name by knowing the plant ID...
CVE-2025-30511
An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...
CVE-2025-30511
An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...
CVE-2025-31949 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An authenticated attacker can obtain any plant name by knowing the plant ID...
CVE-2025-31949 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An authenticated attacker can obtain any plant name by knowing the plant ID...
CVE-2025-30511 Growatt Cloud Applications Cross-site Scripting
An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...
CVE-2025-30511
Growatt Cloud Applications (monitors) is affected by CVE-2025-30511. An authenticated attacker can trigger a stored XSS by exploiting improper sanitization of the plant name value when adding or editing a plant. Documented impact is stored XSS in user spaces; no exploit details are provided beyon...