Vulnerability CVE-2021-27887
Published: 2021-06-14   Modified: 2021-06-15

Description:
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim??s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions.

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Hitachiabb-powergrids -> Ellipse asset performance management 

 References:
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9700&LanguageCode=en&DocumentPartId=&Action=Launch
Copyright 2024, cxsecurity.com

 

Back to Top