{"id":"CVE-2024-21550","details":"SteVe is an open platform that implements different versions of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and JavaScript code via WebSockets, leading to persistent Cross-Site Scripting in the SteVe management interface.","modified":"2026-04-10T05:09:39.772088Z","published":"2024-08-12T15:15:19.903Z","references":[{"type":"WEB","url":"https://github.com/steve-community/steve/blob/steve-3.6.0/src/main/java/de/rwth/idsg/steve/config/WebSocketConfiguration.java#L69"},{"type":"FIX","url":"https://github.com/steve-community/steve/issues/1526"},{"type":"FIX","url":"https://github.com/steve-community/steve/pull/1527"},{"type":"FIX","url":"https://github.com/steve-community/steve/commit/a79983f843c37705182c8f54eba060c1dce3b6d1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/steve-community/steve","events":[{"introduced":"0"},{"last_affected":"1fe3e13ef030b04b68a70161d1fa1b4223f50410"},{"introduced":"0"},{"last_affected":"991c00b114dda77f0e940498482526d1882213a3"},{"introduced":"0"},{"last_affected":"42626043c180f21694d97e0bcc398eded03eddbf"},{"fixed":"a79983f843c37705182c8f54eba060c1dce3b6d1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.5.1"},{"introduced":"0"},{"last_affected":"3.6.0"},{"introduced":"0"},{"last_affected":"3.7.0"}]}}],"versions":["steve-1.0.10","steve-1.0.11","steve-1.0.2","steve-1.0.3","steve-1.0.4","steve-1.0.5","steve-1.0.6","steve-1.0.7","steve-1.0.8","steve-1.0.9","steve-1.1.1","steve-1.2.0","steve-1.3.0","steve-2.0.0","steve-2.0.1","steve-2.0.2","steve-2.0.3","steve-2.0.4","steve-2.0.5","steve-2.0.6","steve-2.1.0","steve-3.0.0","steve-3.0.1","steve-3.0.2","steve-3.1.0","steve-3.2.0","steve-3.3.0","steve-3.3.1","steve-3.3.2","steve-3.4.0","steve-3.4.1","steve-3.4.2","steve-3.4.3","steve-3.4.4","steve-3.4.5","steve-3.4.6","steve-3.4.7","steve-3.4.8","steve-3.
4.9","steve-3.5.0","steve-3.5.1","steve-3.6.0","steve-3.7.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21550.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}