CVE-2021-34590
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
27/04/2022
Last modified:
10/09/2022
Description
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:* | 5.11.0 (including) | 5.11.2 (excluding) |
| cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:* | 5.12.0 (including) | 5.12.5 (excluding) |
| cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:* | 5.13.0 (including) | 5.13.2 (excluding) |
| cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:* | 5.20.0 (including) | 5.20.2 (excluding) |
| cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:* | 5.11.0 (including) | 5.11.2 (excluding) |
| cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:* | 5.12.0 (including) | 5.12.5 (excluding) |
| cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:* | 5.13.0 (including) | 5.13.2 (excluding) |
| cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:* | 5.20.0 (including) | 5.20.2 (excluding) |
| cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:* | 5.11.0 (including) | 5.11.2 (excluding) |
| cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:* | 5.12.0 (including) | 5.12.5 (excluding) |
| cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:* | 5.13.0 (including) | 5.13.2 (excluding) |
| cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:* | 5.20.0 (including) | 5.20.2 (excluding) |
| cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page