CVE-2026-32843

2026-03-19 [email protected]

Lifecycle Timeline

2
Analysis Generated
Mar 20, 2026 - 13:52 vuln.today
CVE Published
Mar 19, 2026 - 15:16 nvd
N/A

Tags

PHP XSS

Description

Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023-04-26), contains a reflected cross-site scripting vulnerability in the PM25.php file that allows remote attackers to execute arbitrary JavaScript by injecting malicious code into GET parameters. Attackers can craft a malicious URL containing unencoded payloads in the site, city, district, channel, or apikey parameters to execute scripts in victims' browsers when they visit the page.

Analysis

Linkit ONE Location Aware Sensor System (LASS) up to commit f06bd20 contains reflected cross-site scripting (XSS) in PM25.php that permits remote attackers to execute arbitrary JavaScript in victim browsers through unencoded GET parameters (site, city, district, channel, apikey). The vulnerability affects a sensor data collection platform and carries a low exploitation probability (EPSS 0.21%, percentile 43%), suggesting limited real-world attack activity despite public disclosure through VulnCheck.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +0
POC: 0

Share

CVE-2026-32843 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy