CVE-2024-23786: Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a...
Description
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.
Classification
CVE ID: CVE-2024-23786
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.3
Problem Types
Cross-site scripting (XSS)Affected Products
Vendor: SHARP CORPORATION, SHARP CORPORATION
Product: Energy Management Controller with Cloud Services, Energy Management Controller with Cloud Services
Exploit Prediction Scoring System (EPSS)
EPSS Score: 2.53% (probability of being exploited)
EPSS Percentile: 84.12% (scored less or equal to compared to others)
EPSS Date: 2025-04-08 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false