CVE-2021-23283

Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.
Configurations

Configuration 1 (hide)

cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*

History

27 Apr 2022, 18:28

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 5.4
CPE cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*
CWE CWE-79
References (MISC) https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf - (MISC) https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf - Patch, Vendor Advisory

19 Apr 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-19 21:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-23283

Mitre link : CVE-2021-23283

CVE.ORG link : CVE-2021-23283


JSON object : View

Products Affected

eaton

  • intelligent_power_protector
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')