6.3
CVE-2021-27887
- EPSS 0.27%
- Published 14.06.2021 22:15:15
- Last modified 21.11.2024 05:58:42
- Source cve@mitre.org
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions.
Data provided by the National Vulnerability Database (NVD)
Hitachiabb-powergrids ≫ Ellipse Asset Performance Management Version >= 5.1.0.0 <= 5.1.0.6
Hitachiabb-powergrids ≫ Ellipse Asset Performance Management Version >= 5.2.0.0 <= 5.2.0.3
Hitachiabb-powergrids ≫ Ellipse Asset Performance Management Version >= 5.3.0.0 <= 5.3.0.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.479 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd@nist.gov | 3.5 | 6.8 | 2.9 | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| cve@mitre.org | 6.3 | 2.1 | 4.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.