CVE-2021-23282 MEDIUM

CVE-2021-23282: Stored Cross-site Scripting reported in Intelligent Power Manager v1

Vendor Eaton
Product Intelligent Power Manager (IPM)
Weakness CWE-79 · XSS
Published November 25, 2024
Last update November 25, 2024

CVSS base score

5.2/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system

Key dates

02Disclosure timeline

November 25, 2024 CVE published
November 25, 2024 Record updated