PT-2009-6528 · American Power Conversion · Ap7932 B2

Published

2009-12-23

·

Updated

2018-10-10

·

CVE-2009-4406

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

American Power Conversion (APC) Switched Rack PDU AP7932 B2, versions 3.3.3 through 3.7.0

Description

A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the login username parameter in the Forms/login1 endpoint.

Recommendations

For versions 3.3.3 through 3.7.0, avoid using the login username parameter in the Forms/login1 endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the login functionality to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2009-4406

Affected Products

Ap7932 B2