CVE-2019-7677 – XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /

XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7677

Reference (s):

• https://github.com/pudding2/enphase-energy/blob/master/XSS-exp.txt
• https://github.com/pudding2/enphase-energy/blob/master/XSS.png