What the vulnerability does
01Description
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.
CVE-2026-4293
MEDIUM
CVE-2026-4293: Kieback & Peter DDC Building Controllers Cross-site Scripting
CVSS base score
5.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Key dates
02Disclosure timeline
May 20, 2026
CVE published
May 20, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-61645 CodexTablePager has i18n XSS
CVE-2025-64873 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-58820 WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
CVE-2024-11366 SEO Landing Page Generator <= 1.66.2 - Reflected Cross-Site Scripting
CVE-2019-25399 IPFire 2.21 Core Update 127 Stored XSS via extrahd.cgi
