exploitDog

GHSA-g97m-fwww-wqf3

Опубликовано: 12 авг. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface.

SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface.

Ссылки

EPSS

Процентиль: 26%

0.00092

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-21550

CVSS3: 6.1

nvd

больше 1 года назад

SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface.

EPSS

Процентиль: 26%

0.00092

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79