Описание
SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface.
Ссылки
- Product
- Patch
- Issue TrackingPatch
- Issue TrackingPatch
Уязвимые конфигурации
Конфигурация 1Версия до 3.5.1 (включая)
Одно из
cpe:2.3:a:steve-community:steve:*:*:*:*:*:*:*:*
cpe:2.3:a:steve-community:steve:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:steve-community:steve:3.7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00092
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 1 года назад
SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface.
EPSS
Процентиль: 26%
0.00092
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79