exploitDog

CVE-2025-36746

Опубликовано: 12 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt.

Ссылки

https://csirt.divd.nl/CVE-2025-36746
Third Party Advisory
https://csirt.divd.nl/DIVD-2025-00022/
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solaredge:solaredge_monitoring_platform:-:*:*:*:*:saas:*:*

EPSS

Процентиль: 10%

0.00034

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-37qv-3hw5-x3ph

CVSS3: 5.4

github

около 2 месяцев назад

SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt.

EPSS

Процентиль: 10%

0.00034

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79