216.73.217.80

CVE-2024-31414

· Published 13/09/2024 17:15 · Modified 19/09/2024 18:48

Labels: CVE-2024-31414 2024-09-13CVE-2024-31414CWE-79[email protected]

Essential information

Published
13/09/2024 17:15
Modified
19/09/2024 18:48
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
eaton / foreseer electrical power monitoring system cpe:2.3:a:eaton:foreseer_electrical_power_monitoring_system:*:*:*:*:*:*:*:*

References