CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7526
https://notcve.org/view.php?id=CVE-2020-7526
Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event. Se presenta una vulnerabilidad de Comprobación de Entrada Inapropiada en PowerChute Business Edition (versiones de software V9.0.x y anteriores) que podría causar una ejecución de código remota cuando es ejecutado un script durante un evento de apagado • https://www.se.com/ww/en/download/document/SEVD-2020-224-05 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-4263
https://notcve.org/view.php?id=CVE-2011-4263
Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Schneider Electric PowerChute Business Edition antes de v8.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN61695284/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2009-1798 – APC Network Management Card - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1798
Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Network Management Card (NMC) para dispositivos American Power Conversion (APC) Switched Rack PDU (también conocido como Rack Mount Power Distribution) y otros dispositivos permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección medisnte vectores no especificados. NOTA: el vector login_username para Forms/login1 está ya cubierto por CVE-2009-4406. • https://www.exploit-db.com/exploits/33405 http://holisticinfosec.org/content/view/111/45 http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887 http://secunia.com/advisories/37744 http://www.kb.cert.org/vuls/id/166739 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1797
https://notcve.org/view.php?id=CVE-2009-1797
Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Network Management Card (NMC) para dispositivos American Power Conversion (APC) Switched Rack PDU (también conocido como Rack Mount Power Distribution) y otros dispositivos permite a atacantes remotos secuestrar la autenticación de (1) administradores o (2) usuarios del dispositivo para hacer peticiones que crean nuevos usuarios administradores o tienen otros impactos no especificados. • http://holisticinfosec.org/content/view/111/45 http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887 http://secunia.com/advisories/37744 http://www.kb.cert.org/vuls/id/166739 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 2CVE-2009-4406
https://notcve.org/view.php?id=CVE-2009-4406
Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the login_username parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Forms/login1 en American Power Conversion (APC) Switched Rack PDU AP7932 B2, ejecutando rpdu v3.3.3 o v3.7.0 en AOS v3.3.4, y probablemente otras versiones, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro "login_username". • http://www.packetstormsecurity.org/0912-exploits/apc-xss.txt http://www.securityfocus.com/archive/1/508468/100/0/threaded http://www.securityfocus.com/bid/37338 http://www.securitytracker.com/id?1023331 https://exchange.xforce.ibmcloud.com/vulnerabilities/54824 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •