QwikSec

Security Database

CVE

CWE

Training

CVE-2026-32843

Published: Mar 19, 2026

Modified: Mar 23, 2026

PUBLISHED

Description

Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023-04-26), contains a reflected cross-site scripting vulnerability in the PM25.php file that allows remote attackers to execute arbitrary JavaScript by injecting malicious code into GET parameters. Attackers can craft a malicious URL containing unencoded payloads in the site, city, district, channel, or apikey parameters to execute scripts in victims' browsers when they visit the page.

Vendor	Product	Versions
LinkItONEDevGroup	Location Aware Sensor System (LASS)	affected `0 - <= f06bd202f37f2a8fafe932feabcb119a292f016e`

Weaknesses (CWE)

References

https://github.com/LinkItONEDevGroup/LASS/commits/master/

product

https://www.vulncheck.com/advisories/linkit-one-location-aware-sensor-system-lass-reflected-xss-via-pm25-php

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.