CVE-2021-23283

Security issues in Eaton Intelligent Power Protector (IPP)

CVSS 5.2 MEDIUMEPSS 0.5%CWE-79

Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Produtos afetados

Eaton · Eaton Intelligent Power Protector (IPP)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf