Stored XSS in the web application of an international manufacturer of energy management systems allowed an attacker to execute arbitrary JavaScript code with the permissions of other visitors
Public Charging Infrastructure
NTCF: NTCF-2023-83772
Product: Classified
Vendor: Classified
Criticality: high
Status: fixed
Discovered: 2023-08-08
Detail: Classified
Description
In accordance with the NTC Vulnerability Disclosure Policy, the details of this vulnerability will not be publicly disclosed.
Neither the product and vendor name nor a detailed description of the vulnerability will be publicly released if all of the following conditions are met:
- the vendor fixes the vulnerability without requiring any action by the affected parties (e.g. a cloud service where the user is not required to install patches)
- there is no indication that the vulnerability has been exploited (e.g. in the log files)
Further details may be provided on request. Please use the contact form.
Timeline
2023-08-08: initial discovery
2023-08-08: first contact with vendor
2023-08-09: private disclosure to vendor
2023-08-31: fix by vendor
2023-11-15: public disclosure