CVE-2026-4293
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk19th percentile - higher than 19% of all known CVEs
Summary
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, allowing JavaScript to be executed by the victim's browser, enabling the attacker to control the browser.
Risk Assessment
An attacker can exploit this vulnerability to take control of the user's browser, potentially leading to data theft or other malicious actions.
Recommendation
It is recommended to update the building controllers to the latest version to mitigate this vulnerability and implement appropriate security measures against XSS attacks.
Original NVD description (English source)
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.

