Eaton Foreseer Software Flaw Allows Malicious Script Injection

CVE-2024-31414

6.1MEDIUM

Key Information

Vendor: Eaton
Status: Foreseer
Vendor: CVE Published:; 13 September 2024

Summary

The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors.

Affected Version(s)

Foreseer <= 0

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Sep 13, 2024
Vulnerability Reserved.
Apr 3, 2024

Collectors

NVD DatabaseMitre Database

Credit

Microsoft