PT-2021-2785 · Hitachi ABB Power Grids · Ellipse APM

Published: 2021-04-21 · Updated: 2021-06-22 · CVE-2021-27887

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Hitachi ABB Power Grids Ellipse APM versions 5.1.0.6 and prior versions
Hitachi ABB Power Grids Ellipse APM versions 5.2.0.3 and prior versions
Hitachi ABB Power Grids Ellipse APM versions 5.3.0.1 and prior versions

Description

The issue is a Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM. It allows an authenticated user or integrated application to inject malicious data into the application, and that data can then be executed in a victim's browser, potentially leading to a security breach. The vulnerability exists because the application does not take measures to protect the structure of web pages, which can enable a remote attacker to perform a cross-site scripting attack.

Recommendations

For Hitachi ABB Power Grids Ellipse APM versions 5.1.0.6 and prior versions, update to a version that fixes the XSS vulnerability in the main dashboard.
For Hitachi ABB Power Grids Ellipse APM versions 5.2.0.3 and prior versions, update to a version that fixes the XSS vulnerability in the main dashboard.
For Hitachi ABB Power Grids Ellipse APM versions 5.3.0.1 and prior versions, update to a version that fixes the XSS vulnerability in the main dashboard.

As a temporary workaround, consider restricting access to the main dashboard to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-02328
CVE-2021-27887

Affected Products

Ellipse APM