← back
CVE-2025-36750

Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X

CVSS 8.5 HIGHEPSS 0.1%CWE-79
ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:H/SA:H
Affected products
Growatt · ShineLan-X

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://csirt.divd.nl/CVE-2025-36750/