CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23283 – Security issues in Eaton Intelligent Power Protector (IPP)
https://notcve.org/view.php?id=CVE-2021-23283
Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software. Eaton Intelligent Power Protector (IPP) versiones anteriores a 1.69 es vulnerable al Cross Site Scripting almacenado. La vulnerabilidad es presentada debido a una insuficiente comprobación de la entrada del usuario y a una codificación inapropiada de la salida de determinados recursos dentro del software IPP • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23286 – Security issues in Eaton Intelligent Power Manager Infrastructure
https://notcve.org/view.php?id=CVE-2021-23286
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) versión 1.5.0plus205 y todas las versiones anteriores, son vulnerables a una inyección de fórmulas CSV. Este problema afecta: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) toda la versión 1.5.0plus205 y versiones anteriores • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-%28IPM%29-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf. • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23284 – Security issues in Eaton Intelligent Power Manager Infrastructure
https://notcve.org/view.php?id=CVE-2021-23284
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) versión 1.5.0plus205 y todas las versiones anteriores, son susceptibles a una vulnerabilidad de tipo Cross-Site Scripting Almacenado. Este problema afecta: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) todas las versiones 1.5.0plus205 y versiones anteriores • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-%28IPM%29-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23285 – Security issues in Eaton Intelligent Power Manager Infrastructure
https://notcve.org/view.php?id=CVE-2021-23285
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) versión 1.5.0plus205 y todas las versiones anteriores, son susceptibles a una vulnerabilidad de tipo Cross-Site Scripting Reflejado. Este problema afecta: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) todas las versiones 1.5.0plus205 y versiones anteriores • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-%28IPM%29-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23288 – Security issues in Intelligent Power Protector
https://notcve.org/view.php?id=CVE-2021-23288
The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69. La vulnerabilidad se presenta debido a una insuficiente comprobación de la entrada de determinados recursos por parte del software IPP. El atacante necesitaría acceso a la subred local y una interacción de administrador para comprometer el sistema. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1002b_V1.0.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •