High severity7.5NVD Advisory· Published Jan 6, 2026· Updated Apr 15, 2026

CVE-2020-36905

Description

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or manipulate page content.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cxsecurity.com/issue/WLB-2020030140nvd
exchange.xforce.ibmcloud.com/vulnerabilities/178269nvd
packetstorm.news/files/id/156869nvd
www.exploit-db.com/exploits/48240nvd
www.fibaro.comnvd
www.vulncheck.com/advisories/fibaro-system-home-center-remote-file-inclusion-via-proxy-apinvd
www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5563.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000