Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
added 2025/12/15 12:30 p.m.13 views

CVE-2025-36750

ShineLan-X contains a stored cross site scripting XSS vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...

8.5CVSS5.5AI score0.00136EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.4 views

EUVD-2025-203254

ShineLan-X contains a stored cross site scripting XSS vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...

8.5CVSS5.1AI score0.00136EPSS
Exploits0References2
OSV
OSV
added 2025/12/13 4:16 p.m.4 views

CVE-2025-36750

ShineLan-X contains a stored cross site scripting XSS vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/13 8:16 a.m.1 views

CVE-2025-36750 Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X

ShineLan-X contains a stored cross site scripting XSS vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...

8.5CVSS5.2AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/13 8:16 a.m.22 views

CVE-2025-36750 Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X

ShineLan-X contains a stored cross site scripting XSS vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...

8.5CVSS0.00136EPSS
Exploits0References1
CVE
CVE
added 2025/12/13 8:16 a.m.15 views

CVE-2025-36750

Summary: CVE-2025-36750 affects ShineLan-X (Growatt ShineLan-X) with a stored XSS in the Plant Name field. The vulnerability allows a malicious HTML payload to be stored and later displayed on the plant management page, potentially causing a legitimate user’s browser to execute arbitrary JavaScri...

8.5CVSS5.2AI score0.00136EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.8 views

PT-2025-51099

ShineLan-X contains a stored cross site scripting XSS vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...

8.5CVSS5.6AI score0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.3 views

Growatt ShineLan-X 安全漏洞

Growatt ShineLan-X is a data logger for photovoltaic inverters from Growatt China. A security vulnerability exists in Growatt ShineLan-X that stems from a stored cross-site scripting vulnerability in the Plant Name field that could lead to the execution of malicious code...

8.5CVSS6AI score0.00136EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-11089

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00314EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-11010

Malicious code in bioql PyPI...

6.9CVSS6.5AI score0.00242EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/17 9:37 p.m.7 views

CVE-2025-31949

An authenticated attacker can obtain any plant name by knowing the plant ID...

6.9CVSS6.8AI score0.00242EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/17 9:20 p.m.5 views

CVE-2025-30511

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References3
OSV
OSV
added 2025/04/15 9:16 p.m.2 views

CVE-2025-31949

An authenticated attacker can obtain any plant name by knowing the plant ID...

5.3CVSS5.8AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2025/04/15 9:16 p.m.22 views

CVE-2025-31949

An authenticated attacker can obtain any plant name by knowing the plant ID...

6.9CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 2025/04/15 9:15 p.m.7 views

CVE-2025-30511

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...

8.8CVSS0.00314EPSS
Exploits0References1
OSV
OSV
added 2025/04/15 9:15 p.m.2 views

CVE-2025-30511

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...

5.4CVSS5.8AI score0.00314EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/15 8:19 p.m.6 views

CVE-2025-31949 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An authenticated attacker can obtain any plant name by knowing the plant ID...

6.9CVSS6.8AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/15 8:19 p.m.20 views

CVE-2025-31949 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An authenticated attacker can obtain any plant name by knowing the plant ID...

6.9CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/15 8:12 p.m.7 views

CVE-2025-30511 Growatt Cloud Applications Cross-site Scripting

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...

8.8CVSS0.00314EPSS
Exploits0References1
CVE
CVE
added 2025/04/15 8:12 p.m.48 views

CVE-2025-30511

Growatt Cloud Applications (monitors) is affected by CVE-2025-30511. An authenticated attacker can trigger a stored XSS by exploiting improper sanitization of the plant name value when adding or editing a plant. Documented impact is stored XSS in user spaces; no exploit details are provided beyon...

8.8CVSS8.3AI score0.00314EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder