Emerson Network Power · Emerson Network Power Liebert Challenger · CVE-2019-12167
**Name of the Vulnerable Software and Affected Versions**
Emerson Network Power Liebert Challenger version 5.1E0.5
**Description**
The issue concerns a problem with the httpGetSet/httpGet.htm page on Emerson Network Power Liebert Challenger devices, where an XSS attack can be performed via the `statusstr` parameter.
**Recommendations**
For Emerson Network Power Liebert Challenger version 5.1E0.5, avoid using the `statusstr` parameter in the httpGetSet/httpGet.htm page until the issue is resolved. As a temporary workaround, consider restricting access to the httpGetSet/httpGet.htm page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.