Cross site scripting

2022-04-2716:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.

CPENameOperatorVersion
cc612_firmwarege5.11.0
cc612_firmwarelt5.11.2
cc612_firmwarege5.12.0
cc612_firmwarelt5.12.5
cc612_firmwarege5.13.0
cc612_firmwarelt5.13.2
cc612_firmwarege5.20.0
cc612_firmwarelt5.20.2
icc15xx_firmwarege5.11.0
icc15xx_firmwarelt5.11.2

Name	Operator	Version
cc612_firmware	ge	5.11.0
cc612_firmware	lt	5.11.2
cc612_firmware	ge	5.12.0
cc612_firmware	lt	5.12.5
cc612_firmware	ge	5.13.0
cc612_firmware	lt	5.13.2
cc612_firmware	ge	5.20.0
cc612_firmware	lt	5.20.2
icc15xx_firmware	ge	5.11.0
icc15xx_firmware	lt	5.11.2

Rows per page:

1-10 of 321

References

cert.vde.com/en/advisories/VDE-2021-047