RSS   Vulnerabilities for 'Powerpanel'   RSS

2019-07-10
 
CVE-2019-13071

CWE-352
 

 
CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.

 
2019-07-09
 
CVE-2019-13070

CWE-79
 

 
A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient page, the embedded code will be executed in the browser of the victim.

 


Copyright 2024, cxsecurity.com

 

Back to Top