CVE-2009-4406

Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the login_username parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
apcap7932_b2_firmware
3.3.3
apcap7932_b2_firmware
3.7.0
apcap7932_b2
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.packetstormsecurity.org/0912-exploits/apc-xss.txt
http://www.securityfocus.com/archive/1/508468/100/0/threaded
http://www.securityfocus.com/bid/37338
http://www.securitytracker.com/id?1023331
https://exchange.xforce.ibmcloud.com/vulnerabilities/54824
http://www.packetstormsecurity.org/0912-exploits/apc-xss.txt
http://www.securityfocus.com/archive/1/508468/100/0/threaded
http://www.securityfocus.com/bid/37338
http://www.securitytracker.com/id?1023331
https://exchange.xforce.ibmcloud.com/vulnerabilities/54824