Cross-Site Scripting Vulnerability in Enphase Envoy Device

CVE-2019-7677

What is CVE-2019-7677?

A Cross-Site Scripting (XSS) vulnerability has been identified in Enphase Envoy devices that allows attackers to inject malicious scripts via the 'profileName' parameter to the /home URI on TCP port 8888. This vulnerability can potentially compromise user data and privacy, enabling unauthorized access and manipulation by malicious actors. Prompt mitigation measures are recommended to safeguard against potential exploitation.

References