CVE-2024-2050 HIGH

CVE-2024-2050

Vendor Schneider Electric
Product Easergy T200 (Modbus) Models: T200I, T200E, T200P, T200S, T200H
Weakness CWE-79 · XSS
Published March 18, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the context of the product.

Key dates

02Disclosure timeline

March 18, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-44586 SiYuan: Bazaar marketplace renders unescaped package author metadata, allowing XSS and Electron code execution CVE-2024-43915 WordPress Zephyr Project Manager plugin <=3.3.102 - Cross Site Scripting (XSS) vulnerability CVE-2025-11512 code-projects Voting System voters_add.php cross site scripting CVE-2021-24587 Splash Header < 1.20.8 - Authenticated Stored Cross-Site Scripting (XSS) CVE-2022-1408 VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ Stored Cross-Site Scripting