Unrated severityNVD Advisory· Published Oct 24, 2018· Updated Aug 5, 2024
CVE-2018-9281
CVE-2018-9281
Description
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently.
Affected products
1Patches
Vulnerability mechanics
References
1- www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.