Vulnerability Details CVE-2021-23283
Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.6%
CVSS Severity
CVSS v3 Score 5.2
CVSS v2 Score 3.5
References
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf
Products affected by CVE-2021-23283
-
cpe:2.3:a:eaton:intelligent_power_protector:1.10
-
cpe:2.3:a:eaton:intelligent_power_protector:1.20
-
cpe:2.3:a:eaton:intelligent_power_protector:1.28
-
cpe:2.3:a:eaton:intelligent_power_protector:1.30
-
cpe:2.3:a:eaton:intelligent_power_protector:1.42
-
cpe:2.3:a:eaton:intelligent_power_protector:1.50
-
cpe:2.3:a:eaton:intelligent_power_protector:1.52
-
cpe:2.3:a:eaton:intelligent_power_protector:1.53
-
cpe:2.3:a:eaton:intelligent_power_protector:1.61
-
cpe:2.3:a:eaton:intelligent_power_protector:1.66
-
cpe:2.3:a:eaton:intelligent_power_protector:1.67
-
cpe:2.3:a:eaton:intelligent_power_protector:1.68