CVE-2024-23786

2024-02-1410:15:08

[email protected]

web.nvd.nist.gov

cross-site scripting

energy management controller

network-adjacent

unauthenticated attacker

arbitrary script

web browser

management page

cloud services

jh-rvb1

jh-rv11

cve-2024-23786

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.