Therabbitx

**Name of the Vulnerable Software and Affected Versions** Tasmota firmware version 6.5.0 **Description** The issue allows remote attackers to inject JavaScript code via a crafted string in the `Friendly Name 1` field. This enables Cross Site Scripting (XSS) attacks. **Recommendations** For Tasmota firmware version 6.5.0, avoid using the `Friendly Name 1` field until a patch is available. As a temporary workaround, consider restricting access to this field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.