CVE-2024-23786: Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a...
Description
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.
Classification
CVE ID: CVE-2024-23786
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.3
Problem Types
Cross-site scripting (XSS)Affected Products
Vendor: SHARP CORPORATION, SHARP CORPORATION
Product: Energy Management Controller with Cloud Services, Energy Management Controller with Cloud Services
Exploit Prediction Scoring System (EPSS)
EPSS Score: 1.89% (probability of being exploited)
EPSS Percentile: 82.12% (scored less or equal to compared to others)
EPSS Date: 2025-04-16 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-23786https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf
https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf
https://jvn.jp/en/vu/JVNVU94591337/