CVE-2021-23283
Summary
| CVE | CVE-2021-23283 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-19 21:15:00 UTC |
| Updated | 2022-04-27 18:28:00 UTC |
| Description | Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eaton | Intelligent Power Protector | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/securit... | MISC | www.eaton.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Eaton thanks the below organization and individuals for their coordinated support on the security vulnerability: CVE-2021-23283 - Micheal Heinzl via ICS-Cert
There are currently no legacy QID mappings associated with this CVE.