Delta Electronics DIAEnergie
Description
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Delta Electronics DIAEnergie versions prior to v1.9.01.002 are vulnerable to stored XSS via the InsertReg API, allowing authenticated attackers to inject malicious scripts.
Vulnerability
The InsertReg API in Delta Electronics DIAEnergie versions prior to v1.9.01.002 does not properly neutralize user input, leading to a stored cross-site scripting vulnerability [1]. An attacker can inject malicious scripts that are stored and later executed in the context of authenticated users who access the affected application.
Exploitation
An attacker with low-privilege network access to the DIAEnergie application can craft a malicious payload and send it via the InsertReg API [1]. The payload is stored on the server. When a victim user, such as an administrator, views the page containing the injected script, the script executes in the victim's browser.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's session. This can lead to disclosure of sensitive information, modification of data, and potential further compromise of the system [1]. The CVSS v3 base score is 8.8 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N) [1].
Mitigation
Delta Electronics has released version v1.9.01.002 and later versions that fix this vulnerability. Users should update to v1.9.03.001 or newer as recommended in the advisory [1]. No workarounds are provided.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: All
Patches
No patches discovered yet.
References