{“lastseen”:””,”description”:”ShineLan-X contains\u00a0a stored cross site scripting (XSS) vulnerability in the local configuration\u00a0web server. The JavaScript code snippet can be inserted\u00a0in the communication module\u2019s settings center. This may allow attackers to force a\u00a0legitimate user\u2019s browser\u2019s JavaScript engine to run malicious code.”,”published”:”2025-12-13T08:16:23.523Z”,”modified”:”2025-12-13T08:16:23.523Z”,”type”:”cve”,”title”:”Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X”,”source”:”DIVD”,”references”:”https:\/\/csirt.divd.nl\/CVE-2025-36748\/”,”id”:”CVE-2025-36748″,”bulletinFamily”:””,”cwe”:[“CWE-79″],”cvelist”:null,”sourceData”:”Growatt ShineLan-X 3.6.0.0″,”sourceHref”:””,”cvss”:{“score”:8.4,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:N\/VA:L\/SC:H\/SI:N\/SA:L”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”ShineLan-X”,”version”:”3.6.0.0″,”vendor”:”Growatt”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”ShineLan-X contains\u00a0a stored cross site scripting (XSS) vulnerability in the local configuration\u00a0web server. The JavaScript code snippet can be inserted\u00a0in the communication module\u2019s settings center….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,74,12,15,13,7,11,5],"class_list":["post-30953","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-84","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n