Description
Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023-04-26), contains a reflected cross-site scripting vulnerability in the PM25.php file that allows remote attackers to execute arbitrary JavaScript by injecting malicious code into GET parameters. Attackers can craft a malicious URL containing unencoded payloads in the site, city, district, channel, or apikey parameters to execute scripts in victims' browsers when they visit the page.
Published: 2026-03-19
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting
Action: Apply Patch
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Linkitonedevgroup
Linkitonedevgroup location Aware Sensor System (lass)
Vendors & Products Linkitonedevgroup
Linkitonedevgroup location Aware Sensor System (lass)

Thu, 19 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Description Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023-04-26), contains a reflected cross-site scripting vulnerability in the PM25.php file that allows remote attackers to execute arbitrary JavaScript by injecting malicious code into GET parameters. Attackers can craft a malicious URL containing unencoded payloads in the site, city, district, channel, or apikey parameters to execute scripts in victims' browsers when they visit the page.
Title Linkit ONE Location Aware Sensor System (LASS) Reflected XSS via PM25.php
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


Subscriptions

Linkitonedevgroup Location Aware Sensor System (lass)
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T15:44:19.923Z

Reserved: 2026-03-16T18:11:41.758Z

Link: CVE-2026-32843

cve-icon Vulnrichment

Updated: 2026-03-20T18:02:20.772Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-19T15:16:27.570

Modified: 2026-06-17T10:36:25.780

Link: CVE-2026-32843

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:14:50Z

Weaknesses