CVE-2021-23284 MEDIUM

CVE-2021-23284: Security issues in Eaton Intelligent Power Manager Infrastructure

Vendor Eaton

Product Intelligent Power Manager Infrastructure (IPM Infrastructure)

Weakness CWE-79 · XSS

Published April 18, 2022

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

5.7/10

Attack vector Adjacent

Attack complexity Low

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions.

Key dates

02Disclosure timeline

April 18, 2022 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-23284 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-5284 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29111 WordPress Sitekit plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability CVE-2024-7284 SourceCodester Lot Reservation Management System cross site scripting CVE-2024-49228 WordPress bVerse Convert plugin <= 1.3.7.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-34413 WordPress SliceWP Affiliates plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability

Identifiers

CVE CVE-2021-23284

CWE CWE-79

CVSS 5.7 / MEDIUM

Affected versions

Vendor Eaton

Product Intelligent Power Manager Infrastructure (IPM Infrastructure)

Affected ≥ all and ≤ 1.5.0plus205