CVE-2024-8401 MEDIUM

CVE-2024-8401

Vendor Schneider Electric
Product EcoStruxure Power Monitoring Expert (PME) 2021
Weakness CWE-79 · XSS
Published January 28, 2025
Last update January 28, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated attacker modifies folder names within the context of the product.

Key dates

02Disclosure timeline

January 28, 2025 CVE published
January 28, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-1616 XiaoBingBy TeaCMS Article Title cross site scripting CVE-2024-1521 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload CVE-2024-36170 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-4667 Blog, Posts and Category Filter for Elementor <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post and Category Filter Widget CVE-2023-2814 SourceCodester Class Scheduling System POST Parameter save_teacher.php cross site scripting