In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.
Publication date: Sat, 10 Sep 2022 07:42:00 +0000