SolarEdge Monitoring Platform XSS Flaw

UNKNOWN

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The SolarEdge monitoring platform is a web-based application used to monitor and control solar energy systems. This vulnerability allows an authenticated user to inject payloads into report names, which may execute in a victim's browser during a deletion attempt.
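An added illustration of the bug class described above and its fix, written for this page and not taken from SolarEdge's code; the delete-confirmation template, the function names and the report-name format rule are assumptions:

```javascript
// Layer 1: output encoding. Escape the five HTML-significant characters so a
// stored report name is rendered as text, never parsed as markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern (assumed shape of the bug): the stored name is concatenated
// straight into the confirmation dialog's markup, so any tags in the name are
// parsed and executed in the browser of whoever tries to delete the report.
function renderDeleteDialogUnsafe(reportName) {
  return `<p>Delete report "${reportName}"?</p>`;
}

// Hardened pattern: same template, but the name is encoded at the point of output.
function renderDeleteDialogSafe(reportName) {
  return `<p>Delete report "${escapeHtml(reportName)}"?</p>`;
}

// Layer 2 (defence in depth, assumed policy): reject names containing markup
// characters when the report is created, so nothing hostile is stored at all.
const REPORT_NAME_RE = /^[\w .,()-]{1,80}$/;
function isValidReportName(name) {
  return typeof name === 'string' && REPORT_NAME_RE.test(name);
}

// Constructed sample: a report name carrying an image tag with an event handler.
const SAMPLE_NAME = 'Q3 summary<img src=x onerror=alert(1)>';

// Returns both renderings side by side plus the creation-time validation verdict.
function demo() {
  return {
    unsafe: renderDeleteDialogUnsafe(SAMPLE_NAME),
    safe: renderDeleteDialogSafe(SAMPLE_NAME),
    accepted: isValidReportName(SAMPLE_NAME),
  };
}
```

The hardened rendering keeps the name visible in the dialog but inert, while the validation step would have refused to store the sample name in the first place.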

Am I affected?

You're affected if you use the SolarEdge monitoring platform; the advisory does not state which versions are affected. If you don't recognise this software, you're probably not affected.

Affected Products

SolarEdge Technologies Inc. / SolarEdge Monitoring Platform

How to fix

  1. Upgrade to SolarEdge monitoring platform version 11.0.9 or earlier.
  2. Check for updates on the SolarEdge website: https://support.solaredge.com/hc/en-us/articles/360035441231-How-to-Update-SolarEdge-Software
  3. Immediate mitigations:
     - Restrict network access to your SolarEdge monitoring platform instance (firewall it from the public internet)
     - Audit admin account activity for suspicious access patterns
     - Monitor for unauthorized token creation