CVE-2021-23283

Security issues in Eaton Intelligent Power Protector (IPP)

CVSS 5.2 MEDIUMEPSS 0.5%CWE-79

Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Affected products

Eaton · Eaton Intelligent Power Protector (IPP)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf