CVE-2009-1798

Опубликовано: 28 дек. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406.

Ссылки

http://holisticinfosec.org/content/view/111/45/
http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887
Vendor Advisory
http://secunia.com/advisories/37744
Vendor Advisory
http://www.kb.cert.org/vuls/id/166739
US Government Resource
http://holisticinfosec.org/content/view/111/45/
http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887
Vendor Advisory
http://secunia.com/advisories/37744
Vendor Advisory
http://www.kb.cert.org/vuls/id/166739
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:h:apc:network_management_card:*:*:*:*:*:*:*:*

cpe:2.3:h:apc:switched_rack_pdu:*:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.04155

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-f4c8-x8gv-8vpm

github

почти 4 года назад