CVE-2021-23282

Name of the Vulnerable Software and Affected Versions Eaton Intelligent Power Manager (IPM) versions prior to 1.70

Description The issue exists due to insufficient validation of input from certain resources by the IPM software, leading to stored Cross site scripting. An attacker would need access to the local Subnet and an administrator interaction to compromise the system. The vulnerability may allow a remote attacker to conduct a cross-site scripting (XSS) attack.

Recommendations For versions prior to 1.70, upgrade to version 1.70 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPM software to minimize the risk of exploitation. Additionally, ensure that all input from certain resources is properly validated to prevent stored Cross site scripting attacks.