Goekay

**Name of the Vulnerable Software and Affected Versions** SteVe (affected versions not specified) **Description** SteVe is an open platform that implements different versions of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets, leading to persistent Cross-Site Scripting in the SteVe management interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.