Описание
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до b0.1.9.1 (включая)
Одновременно
cpe:2.3:o:sharp:jh-rvb1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sharp:jh-rvb1:-:*:*:*:*:*:*:*
Конфигурация 2Версия до b0.1.9.1 (включая)
Одновременно
cpe:2.3:o:sharp:jh-rv11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sharp:jh-rv11:-:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02544
Низкий
9.3 Critical
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 9.3
github
больше 1 года назад
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.
EPSS
Процентиль: 85%
0.02544
Низкий
9.3 Critical
CVSS3
Дефекты
CWE-79
CWE-79