CVE-2020-37148

Name of the Vulnerable Software and Affected Versions P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11

Description P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 are affected by a stored cross-site scripting issue. Input provided to various GET/POST parameters is not adequately sanitized before being presented back to the user, potentially enabling attackers to inject and execute arbitrary HTML and script code within a user's browser session. This can be achieved by submitting malicious input through the label modification functionality, specifically utilizing the lab4 parameter in the 'config.html' file.

Recommendations Versions 1.0.20 and 1.0.11 should be updated to a newer, secure version.