CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2009-1798 – APC Network Management Card - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1798
28 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Network Management Card (NMC) para dispositivos Americ... • https://www.exploit-db.com/exploits/33405 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1797
https://notcve.org/view.php?id=CVE-2009-1797
28 Dec 2009 — Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Network Management Card (NMC) para disp... • http://holisticinfosec.org/content/view/111/45 • CWE-352: Cross-Site Request Forgery (CSRF) •