High severity7.5NVD Advisory· Published Jan 6, 2026· Updated Apr 15, 2026
CVE-2020-36905
CVE-2020-36905
Description
FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or manipulate page content.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 5.021
Patches
Vulnerability mechanics
References
7- cxsecurity.com/issue/WLB-2020030140nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/178269nvd
- packetstorm.news/files/id/156869nvd
- www.exploit-db.com/exploits/48240nvd
- www.fibaro.comnvd
- www.vulncheck.com/advisories/fibaro-system-home-center-remote-file-inclusion-via-proxy-apinvd
- www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5563.phpnvd
News mentions
0No linked articles in our index yet.