Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Domoticz < 2026.1 Stored XSS via Hardware Configuration Endpoint
Vulnerability Description
Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attackers can inject malicious code that is stored and rendered without proper output encoding, causing script execution in the browsers of users viewing the affected page and enabling unauthorized actions within their session context.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Domoticz 跨站脚本漏洞
Vulnerability Description
Domoticz是Domoticz公司的一套开源的智能家居系统。该系统支持监测和控制多种智能家居设备。 Domoticz 2026.1之前版本存在跨站脚本漏洞,该漏洞源于Web界面的添加硬件和重命名设备功能存在存储型跨站脚本,可能导致经过身份验证的管理员执行任意脚本。
CVSS Information
N/A
Vulnerability Type
N/A