2 matches found
CVE-2025-36750
ShineLan-X contains a stored cross site scripting XSS vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...
CVE-2025-36752
CVE-2025-36752 affects Growatt ShineLan-X communication dongle. The vulnerability arises from an undocumented backup account with undocumented credentials, enabling high-privilege access and potentially full control of the device, including the Setting Center. Multiple sources corroborate a backd...