Vendor
A CSRF-OOB-Injection vulnerability exists in SolarEdge Monitoring Platform's `/solaredge-web/p/initClient` endpoint due to improper validation of session parameters, allowing attackers to manipulate headers to initiate requests to attacker-controlled domains, potentially leading to session compromise and unauthorized system control.