CVE-2020-36905

Publication date

2026-01-06 15:52:20

Family

VulnCheck

State

PUBLISHED

Description

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the url GET parameter to inject malicious JavaScript and potentially hijack user sessions or manipulate page content.