CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2009-1798 – APC Network Management Card - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1798
28 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Network Management Card (NMC) para dispositivos Americ... • https://www.exploit-db.com/exploits/33405 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1797
https://notcve.org/view.php?id=CVE-2009-1797
28 Dec 2009 — Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Network Management Card (NMC) para disp... • http://holisticinfosec.org/content/view/111/45 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 0CVE-2007-6226
https://notcve.org/view.php?id=CVE-2007-6226
04 Dec 2007 — The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits. La American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), con rpdu 3.5.5 y aos 3.5.6, permite a atacantes remotos evitar la validación y ob... • http://securityreason.com/securityalert/3418 • CWE-287: Improper Authentication •