CVE-2024-31414 MEDIUM

CVE-2024-31414

Vendor Eaton

Product Foreseer

Weakness CWE-79 · XSS

Published September 13, 2024

Last update September 13, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors.

Key dates

02Disclosure timeline

September 13, 2024 CVE published

September 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-31414

Related vulnerabilities

04Related CVE

CVE-2021-24415 Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting CVE-2025-32175 WordPress VK Filter Search plugin <= 2.20.2 - Cross Site Scripting (XSS) vulnerability CVE-2024-56033 WordPress FAQs plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-26929 WordPress Accounting for WooCommerce plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability CVE-2026-0594 List Site Contributors <= 1.1.8 - Reflected Cross-Site Scripting via alpha