CVE-2020-37148
P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)
CVSS Score
3.5
EPSS Score
0.0%
EPSS Percentile
0th
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html.
| CWE | CWE-79 |
| Vendor | p5 |
| Product | fnip-8x16a |
| Published | Feb 5, 2026 |
| Last Updated | May 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for p5 fnip-8x16a
Be the first to know when new low vulnerabilities affecting p5 fnip-8x16a are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected Versions
P5 / FNIP-8x16A
1.0.20 1.0.11
P5 / FNIP-4xSH
1.0.20 1.0.11
References
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php exploit-db.com: https://www.exploit-db.com/exploits/48362 packetstormsecurity.com: https://packetstormsecurity.com/files/156170/P5-FNIP-8x16A-FNIP-4xSH-1.0.20-CSRF-XSS.html exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/176993 p5.hu: https://www.p5.hu/ vulncheck.com: https://www.vulncheck.com/advisories/p-fnip-xafnip-xsh-stored-cross-site-scripting-xss
Credits
Gjoko 'LiquidWorm' Krstic (@zeroscience)