CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-36750

ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.1%

CVSS Severity

CVSS v3 Score 5.4

References

https://csirt.divd.nl/CVE-2025-36750/

Products affected by CVE-2025-36750

Growatt » Shine Lan-X » Version: N/A

cpe:2.3:h:growatt:shine_lan-x:-
Growatt » Shine Lan-X Firmware » Version: Any

cpe:2.3:o:growatt:shine_lan-x_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-36750

Products

Pricing

Contact Us