CVE-2026-4293
MEDIUMKieback & Peter DDC Building Controllers Cross-site Scripting
Title source: cnaDescription
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.
Scores
CVSS v3
5.3
EPSS
0.0027
EPSS Percentile
18.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (11)
Kieback & Peter/DDC4002
< 1.12.14
Kieback & Peter/DDC4002e
< 1.23.4
Kieback & Peter/DDC4020e
< 1.23.4
Kieback & Peter/DDC4040e
< 1.23.4
Kieback & Peter/DDC4100
< 1.12.14
Kieback & Peter/DDC4200
< 1.12.14
Kieback & Peter/DDC4200-L
< 1.12.14
Kieback & Peter/DDC4200e
< 1.23.4
Kieback & Peter/DDC4400
< 1.12.14
Kieback & Peter/DDC4400e
< 1.23.4
... and 1 more
Published
May 20, 2026
Tracked Since
May 20, 2026