HTTP: Eaton Intelligent Power Management Stored Cross-Site Scripting

This signature detects attempts to exploit a known cross-site scripting vulnerability in Eaton Intelligent Power Management. The vulnerability is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Extended Description

Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored cross-site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local subnet and administrator interaction to compromise the system.

References

CVE: CVE-2021-23282

Short Name
HTTP:XSS:EATON-INTLGNT-MUL-SXSS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-23282 Cross-Site Eaton Intelligent Management Power Scripting Stored
Release Date
05/26/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
