Home

Description

ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code.

PUBLISHED Reserved 2025-04-15 | Published 2025-12-13 | Updated 2025-12-16 | Assigner DIVD




HIGH: 8.4CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status
unaffected

3.6.0.0 (semver)
affected

Credits

Hamid Rahmouni finder

Victor Pasman analyst

References

csirt.divd.nl/CVE-2025-36748/ third-party-advisory

cve.org (CVE-2025-36748)

nvd.nist.gov (CVE-2025-36748)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.