Openenergymonitor: >> Emoncms >> 11.7.3 Security Vulnerabilities
Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-24
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled parameters including filename, port, baud_rate, core, and autoreset within the /admin/upload-custom-firmware endpoint.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-10-24