CVE-2020-36905
FIBARO System Home Center 5.021 Remote File Inclusion via Proxy API
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or manipulate page content.
| CWE | CWE-829 |
| Vendor | fibar group s.a. |
| Product | home center 3 |
| Published | Jan 6, 2026 |
| Last Updated | Mar 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for fibar group s.a. home center 3
Be the first to know when new high vulnerabilities affecting fibar group s.a. home center 3 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
FIBAR GROUP S.A. / Home Center 3
0 โค 5.021.38
FIBAR GROUP S.A. / Home Center 2
0 โค 5.021.38
FIBAR GROUP S.A. / Home Center Lite
0 โค 5.021.38
References
exploit-db.com: https://www.exploit-db.com/exploits/48240 fibaro.com: https://www.fibaro.com zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5563.php packetstorm.news: https://packetstorm.news/files/id/156869 cxsecurity.com: https://cxsecurity.com/issue/WLB-2020030140 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/178269 vulncheck.com: https://www.vulncheck.com/advisories/fibaro-system-home-center-remote-file-inclusion-via-proxy-api
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab