{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T03:31:54.308","vulnerabilities":[{"cve":{"id":"CVE-2024-31414","sourceIdentifier":"CybersecurityCOE@eaton.com","published":"2024-09-13T17:15:11.707","lastModified":"2024-09-19T18:48:25.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors."},{"lang":"es","value":"El software Eaton Foreseer ofrece a los usuarios la posibilidad de personalizar el panel de control en las páginas WebView. Sin embargo, los campos de entrada para esta función en el software Eaton Foreseer carecían de una desinfección de entrada adecuada en el lado del servidor, lo que podía provocar la inyección y ejecución de scripts maliciosos cuando los actores maliciosos los utilizaban de forma abusiva."}],"metrics":{"cvssMetricV31":[{"source":"CybersecurityCOE@eaton.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"CybersecurityCOE@eaton.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eaton:foreseer_electrical_power_monitoring_system:*:*:*:*:*:*:*:*","versionEndExcluding":"7.8.600","matchCriteriaId":"9F67BFC9-4D31-42C3-804D-C7F0B6CA8E89"}]}]}],"references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf","source":"CybersecurityCOE@eaton.com","tags":["Vendor Advisory"]}]}}]}