漏洞概述 漏洞名称: Sustainable Irrigation Platform 5.2.16 Stored XSS via Program Name CVE编号: CVE-2026-58475 CWE编号: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS评分: 5.3 CVSS向量: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:R/VC:N/VI:N/VA:N/SC:N/LS:L/SA:N 发布日期: 7/14/2026 严重程度: MEDIUM 参考链接: Zero Science Lab Advisory 贡献者: Anja Ivanovska of Zero Science Lab 描述 Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying malicious script payloads within program names submitted via HTTP requests. Attackers can exploit the lack of output encoding on rendered program names to execute arbitrary JavaScript in the browsers of any users viewing the affected page, with exploitation facilitated by the absence of a required passphrase or the default passphrase 'opendoor'. 影响范围 受影响版本: SIP <= 5.2.16 影响范围: 未定义 修复方案 修复建议: 更新到最新版本或应用官方提供的补丁。 临时缓解措施: 确保使用强密码,避免使用默认密码 'opendoor'。