CVE-2021-34590 MEDIUM

CVE-2021-34590: Bender Charge Controller: Cross-site Scripting

Vendor Bender / Ebee
Product CC612
Weakness CWE-79 · XSS
Published April 27, 2022
Last update September 16, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.

Key dates

02Disclosure timeline

April 27, 2022 CVE published
September 16, 2024 Record updated