CVE-2026-32843

UNKNOWN 0.0

Linkit ONE Location Aware Sensor System (LASS) Reflected XSS via PM25.php

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023-04-26), contains a reflected cross-site scripting vulnerability in the PM25.php file that allows remote attackers to execute arbitrary JavaScript by injecting malicious code into GET parameters. Attackers can craft a malicious URL containing unencoded payloads in the site, city, district, channel, or apikey parameters to execute scripts in victims' browsers when they visit the page.

CWE	CWE-79
Vendor	linkitonedevgroup
Product	location aware sensor system (lass)
Published	Mar 19, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for linkitonedevgroup location aware sensor system (lass)

Be the first to know when new unknown vulnerabilities affecting linkitonedevgroup location aware sensor system (lass) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

LinkItONEDevGroup / Location Aware Sensor System (LASS)

0 ≤ f06bd202f37f2a8fafe932feabcb119a292f016e

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/LinkItONEDevGroup/LASS/commits/master/ vulncheck.com: https://www.vulncheck.com/advisories/linkit-one-location-aware-sensor-system-lass-reflected-xss-via-pm25-php

Credits

philopentest