ABB EIBPORT building management systems running firmware prior to version 3.9.2 contain a high-severity Cross-Site Scripting (XSS) vulnerability (CVE-2021-22291). Successful exploitation allows attackers to steal session IDs, leading to unauthenticated device access, sensitive information disclosure, and unauthorized configuration changes.