Stored Cross Site Scripting Vulnerability in Eaton Intelligent Power Protector (IPP) Software

Stored Cross Site Scripting Vulnerability in Eaton Intelligent Power Protector (IPP) Software

CVE-2021-23283 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.

Learn more about our User Device Pen Test.