Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.
References
Configurations
History
27 Apr 2022, 18:28
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CPE | cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
References | (MISC) https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf - Patch, Vendor Advisory |
19 Apr 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-19 21:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-23283
Mitre link : CVE-2021-23283
CVE.ORG link : CVE-2021-23283
JSON object : View
Products Affected
eaton
- intelligent_power_protector
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')