What the vulnerability does
01Description
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts.
CVE-2024-49397
CRITICAL
CVE-2024-49397: Cross-site Scripting in Elvaco M-Bus Metering Gateway CMe3100
CVSS base score
9.2/10
CVSS vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
October 17, 2024
CVE published
October 17, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-12796 Reflected XSS in Holistic IT, Consultancy Coop.'s Workcube ERP
CVE-2024-11753 UMich OIDC Login <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2022-45086 Cross-site Scripting in Smartpower Web
CVE-2023-51652 OWASP.AntiSamy mXSS when preserving comments
CVE-2023-4602 Namaste! LMS <= 2.6.1.1 - Reflected Cross-Site Scripting
