CVE-2024-23786

Summary

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.

Affected Software

VendorProductVersion RangeStatus
SHARP CORPORATIONEnergy Management Controller with Cloud ServicesJH-RVB1 Ver.B0.1.9.1 and earlieraffected
SHARP CORPORATIONEnergy Management Controller with Cloud ServicesJH-RV11 Ver.B0.1.9.1 and earlieraffected

Weaknesses

  • Cross-site scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References