CVE-2025-36750

Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X

Description

ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code.

INFO

Published Date :

2025-12-13T08:16:22.832Z

Last Modified :

2025-12-13T08:16:22.832Z

Source :

DIVD

AFFECTED PRODUCTS

The following products are affected by CVE-2025-36750 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-36750.

URL	Resource
https://csirt.divd.nl/CVE-2025-36750/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability