CVE-2024-31414

MEDIUM

Eaton Foreseer Electrical Power Monitoring System < 7.8.600 - Stored Cross-Site Scripting in Dashboard Customization

Title source: llm
STIX 2.1

Description

The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors.

Scores

CVSS v3 6.7
EPSS 0.0028
EPSS Percentile 20.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-79
Status published
Products (1)
eaton/foreseer_electrical_power_monitoring_system < 7.8.600
Published Sep 13, 2024
Tracked Since Feb 18, 2026