CVE-2018-9281

CVE-2018-9281

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently.

Source: CVE-2018-9281

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다