CVE-2024-21550

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published: Aug 12, 2024
Updated: Aug 13, 2024
CWE ID: 79

Summary

CVE-2024-21550 is a recently disclosed Cross-Site Scripting (XSS) vulnerability affecting the SteVe platform, an open solution for managing Electric Vehicle charge points using various versions of the Open Charge Point Protocol (OCPP). The weakness lies in the SteVe management interface, which allows attackers to inject malicious HTML and JavaScript code via WebSockets. This can result in persistent XSS attacks, posing a significant threat to the security and integrity of the charge point management system. Successful exploitation allows attackers to execute malicious scripts in the browsers of unsuspecting users, potentially leading to data theft or unauthorized system access.
