CVE-2024-1304 MEDIUM

CVE-2024-1304: Multiple Vulnerabilities in Badger Meter's Monitool

Vendor Badger Meter
Product Monitool
Weakness CWE-79 · XSS
Published March 12, 2024
Last update August 22, 2024
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted javascript payload to an authenticated user and partially hijack their browser session.

Key dates

02Disclosure timeline

March 12, 2024 CVE published
August 22, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-23742 WordPress Podamibe Twilio Private Call plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-8919 Confetti Fall Animation <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via confetti-fall-animation Shortcode CVE-2024-3929 Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay CVE-2024-27104 Stored XSS in dashboards in GLPI CVE-2025-49424 WordPress Support Ticket Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability