CVE Catalog

CVE-2026-36906

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile - higher than 13% of all known CVEs

Summary

A Cross-Site Scripting (XSS) vulnerability has been discovered in IoTGateway version 3.0.1 within the Log Record Function. This allows a remote attacker to execute arbitrary JavaScript code in the victim's browser.

Risk Assessment

An attacker could hijack an administrator session, steal credentials, or spread malware within the organization's internal network.

Recommendation

Immediately update IoTGateway to the latest patched version. Until then, restrict access to the admin panel and disable the Log Record Function if feasible.

Original NVD description (English source)

Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function

Vulnerability data from NVD (NIST) · CISA KEV · EPSS