CVE-2019-19393

Name of the Vulnerable Software and Affected Versions Rittal CMC PU III versions 3.00 to 3.15.70 4

Description The issue concerns a failure to sanitize user input on the system configurations page of the web application. This allows an attacker to inject HTML and browser-interpreted content, such as JavaScript, which is displayed before and after login. The exploitation of this issue can lead to the modification of displayed content or changes to the victim's information. It requires access to the web management interface, either with valid credentials or through a hijacked session.

Recommendations For versions 3.00 to 3.15.70 4, as a temporary workaround, consider restricting access to the system configurations page to minimize the risk of exploitation. Avoid using the web management interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.