vendor: PowerChute Network Shutdown
by: SecurityFocus
CVSS: N/A
HTTP Response Splitting and Cross-Site Scripting (XSS)
CWE: N/A
Product Name: PowerChute Network Shutdown
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
APC PowerChute Network Shutdown HTTP Response Splitting and Cross-Site Scripting (XSS) Vulnerabilities
APC PowerChute Network Shutdown is prone to an HTTP-response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and influence how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. The HTTP-response-splitting vulnerability is found in the "page" parameter of the "contexthelp" script, while the XSS vulnerability is found in the "referrer" parameter of the "applet" script.
Mitigation: N/A