Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tabname parameter.