{"api_version":"1","generated_at":"2026-04-23T04:09:43+00:00","cve":"CVE-2021-23283","urls":{"html":"https://cve.report/CVE-2021-23283","api":"https://cve.report/api/cve/CVE-2021-23283.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-23283","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-23283"},"summary":{"title":"CVE-2021-23283","description":"Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.","state":"PUBLIC","assigner":"CybersecurityCOE@eaton.com","published_at":"2022-04-19 21:15:00","updated_at":"2022-04-27 18:28:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf","name":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-23283","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23283","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Eaton thanks the below organization and individuals for their coordinated support on the security vulnerability: CVE-2021-23283 - Micheal Heinzl via ICS-Cert","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"23283","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eaton","cpe5":"intelligent_power_protector","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"CybersecurityCOE@eaton.com","DATE_PUBLIC":"2022-03-01T02:10:00.000Z","ID":"CVE-2021-23283","STATE":"PUBLIC","TITLE":"Security issues in Eaton Intelligent Power Protector (IPP)"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Eaton Intelligent Power Protector (IPP)","version":{"version_data":[{"version_affected":"<","version_value":"1.69 release 166"}]}}]},"vendor_name":"Eaton"}]}},"credit":[{"lang":"eng","value":"Eaton thanks the below organization and individuals for their coordinated support on the security vulnerability: CVE-2021-23283 - Micheal Heinzl via ICS-Cert"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":5.2,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf","name":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf"}]},"solution":[{"lang":"eng","value":"Eaton has patched the security issue and new version of the affected software has been released. The latest version can be downloaded from below location: - Eaton IPP v1.69 https://www.eaton.com/us/en-us/products/backup-power-ups-surge-it-power-distribution/software-downloads.html"}],"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-04-19 21:15:00","lastModifiedDate":"2022-04-27 18:28:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.3,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*","versionEndExcluding":"1.69","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"23283","Ordinal":"198010","Title":"CVE-2021-23283","CVE":"CVE-2021-23283","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"23283","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}