Unrated severityNVD Advisory· Published Dec 23, 2009· Updated Apr 23, 2026

CVE-2009-4406

Description

Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the login_username parameter.

Affected products

Apc/Ap7932 B2 Firmware2 versions
cpe:2.3:a:apc:ap7932_b2_firmware:3.3.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apc:ap7932_b2_firmware:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apc:ap7932_b2_firmware:3.7.0:*:*:*:*:*:*:*
Apc/Ap7932 B2
cpe:2.3:h:apc:ap7932_b2:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.packetstormsecurity.org/0912-exploits/apc-xss.txtnvdExploit
www.securityfocus.com/bid/37338nvdExploit
www.securityfocus.com/archive/1/508468/100/0/threadednvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/54824nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000