CVE-2025-36750

High CVSS: 8.5

ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code.

Vendor

Growatt

Product

Shine Lan-x Firmware

CWE

CWE-79

Yayın Tarihi

2025-12-13 16:16:54

Güncelleme

2026-01-14 18:05:08

Source Identifier

csirt@divd.nl

KEV Date Added

Kategoriler

CWE-79 Shine Lan-x Firmware HIGH Growatt 2025

Referanslar

https://csirt.divd.nl/CVE-2025-36750/

Benzer Kayıtlar

Critical

CVE-2025-36752

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows si…

High

CVE-2025-36753

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to…

Critical

CVE-2025-36747

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish…

High

CVE-2025-36748

ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScr…

Medium

CVE-2025-31147

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.

Medium

CVE-2025-31360

Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.