๐Ÿ” CVE Alert

CVE-2026-58475

MEDIUM 6.1

Sustainable Irrigation Platform 5.2.16 Stored XSS via Program Name

CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying malicious script payloads within program names submitted via HTTP requests. Attackers can exploit the lack of output encoding on rendered program names to execute arbitrary JavaScript in the browsers of any users viewing the affected page, with exploitation facilitated by the absence of a required passphrase or the default passphrase 'opendoor'.

CWE CWE-79
Vendor dan-in-ca
Product sip
Published Jul 14, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for dan-in-ca sip

Be the first to know when new medium vulnerabilities affecting dan-in-ca sip are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Affected Versions

Dan-in-CA / SIP
0 โ‰ค 5.2.16

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
zeroscience.mk: https://www.zeroscience.mk/#/advisories/ZSL-2026-5994 vulncheck.com: https://www.vulncheck.com/advisories/sustainable-irrigation-platform-stored-xss-via-program-name

Credits

Anja Ivanovska of Zero Science Lab