CVE Catalog

CVE-2026-4293

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile - higher than 19% of all known CVEs

Summary

The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, allowing JavaScript to be executed by the victim's browser, enabling the attacker to control the browser.

Risk Assessment

An attacker can exploit this vulnerability to take control of the user's browser, potentially leading to data theft or other malicious actions.

Recommendation

It is recommended to update the building controllers to the latest version to mitigate this vulnerability and implement appropriate security measures against XSS attacks.

Original NVD description (English source)

The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS