VYPR
Medium severity6.1NVD Advisory· Published Aug 12, 2024· Updated Jun 17, 2026

CVE-2024-21550

CVE-2024-21550

Description

SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface.

Affected products

2
  • Rancher/Stevellm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.