All the vulnerabilites related to Schneider Electric - PowerChute
jvndb-2005-000776
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Details
The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE does not start.
If you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.
This issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.
*1 JPCERT/CC coordinated this issue based on the publicly available information.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN93926203/index.html |
| JPCERT-WR | http://www.jpcert.or.jp/wr/2005/wr052701.txt |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000776.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE does not start.\r\n\r\nIf you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.\r\n\r\nThis issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.\r\n\r\n*1 JPCERT/CC coordinated this issue based on the publicly available information.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000776.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:jrun",
"@product": "Adobe JRun",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:apc:powerchute",
"@product": "PowerChute",
"@vendor": "Schneider Electric",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_express",
"@product": "BEA WebLogic Express",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_platform",
"@product": "BEA WebLogic Platform",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_server",
"@product": "BEA WebLogic Server",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cisco:wan_manager",
"@product": "Cisco WAN Manager (CWM)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cisco:wireless_lan_solution_engine",
"@product": "CiscoWorks Wireless LAN Solution Engine (CWWLSE)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:powerchute",
"@product": "PowerChute",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_web_contents_generator",
"@product": "Cosminexus Web Contents Generator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jce",
"@product": "IBM JCE",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jdk",
"@product": "IBM JDK",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jre",
"@product": "IBM JRE",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:infoteria_asteria_r2_flow_builder",
"@product": "ASTERIA R2 Flow Builder",
"@vendor": "Infoteria Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:infoteria_asteria_r2_server",
"@product": "ASTERIA R2 Server",
"@vendor": "Infoteria Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:esmpro_upsmanager",
"@product": "ESMPRO/UPSManager",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:powerchute",
"@product": "PowerChute",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:j2se",
"@product": "J2SE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jce",
"@product": "JCE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:cisco:hosting_solution_engine",
"@product": "CiscoWorks Host Solution Engine (HSE)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:fujitsu:primergy",
"@product": "PRIMERGY",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/h:hitachi:ha8000",
"@product": "HA8000 Series",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/h:mcafee:intrushield_security_management_system",
"@product": "McAfee IntruShield",
"@vendor": "McAfee",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000776",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN93926203/index.html",
"@id": "JVN#93926203",
"@source": "JVN"
},
{
"#text": "http://www.jpcert.or.jp/wr/2005/wr052701.txt",
"@id": "JPCERT-WR-2005-2701",
"@source": "JPCERT-WR"
}
],
"title": "Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate"
}
jvndb-2011-000100
Vulnerability from jvndb
Published
2011-12-06 16:49
Modified
2011-12-06 16:49
Summary
PowerChute Business Edition vulnerable to cross-site scripting
Details
PowerChute Business Edition contains a cross-site scripting vulnerability.
PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability.
Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Schneider Electric | PowerChute |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000100.html",
"dc:date": "2011-12-06T16:49+09:00",
"dcterms:issued": "2011-12-06T16:49+09:00",
"dcterms:modified": "2011-12-06T16:49+09:00",
"description": "PowerChute Business Edition contains a cross-site scripting vulnerability.\r\n\r\nPowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability.\r\n\r\nJun Okada of GLOBAL TECHNOLOGY CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000100.html",
"sec:cpe": {
"#text": "cpe:/a:apc:powerchute",
"@product": "PowerChute",
"@vendor": "Schneider Electric",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000100",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN61695284/index.html",
"@id": "JVN#61695284",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4263",
"@id": "CVE-2011-4263",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4263",
"@id": "CVE-2011-4263",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "PowerChute Business Edition vulnerable to cross-site scripting"
}
var-201112-0182
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. PowerChute Business Edition contains a cross-site scripting vulnerability. PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: APC PowerChute Business Edition Unspecified Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA47113
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47113/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47113
RELEASE DATE: 2011-12-13
DISCUSS ADVISORY: http://secunia.com/advisories/47113/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47113/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47113
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in APC PowerChute Business Edition, which can be exploited by malicious people to conduct cross-site scripting attacks.
Certain unspecified input is not properly sanitised before being returned to the user.
SOLUTION: Update to version 8.5.
ORIGINAL ADVISORY: JVN: https://jvn.jp/en/jp/JVN61695284/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000100.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0182",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerchute",
"scope": "eq",
"trust": 1.6,
"vendor": "apc",
"version": "7.0.4"
},
{
"model": "powerchute",
"scope": "eq",
"trust": 1.6,
"vendor": "apc",
"version": "7.1"
},
{
"model": "powerchute",
"scope": "eq",
"trust": 1.6,
"vendor": "apc",
"version": "6.0"
},
{
"model": "powerchute",
"scope": "lte",
"trust": 1.0,
"vendor": "apc",
"version": "8.0.1"
},
{
"model": "electric powerchute business edition",
"scope": "eq",
"trust": 0.9,
"vendor": "schneider",
"version": "0"
},
{
"model": "powerchute",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "(business) prior to 8.5"
},
{
"model": "powerchute",
"scope": "eq",
"trust": 0.6,
"vendor": "apc",
"version": "8.0.1"
},
{
"model": "electric powerchute business edition",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider",
"version": "8.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "powerchute",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "powerchute",
"version": "7.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "powerchute",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "powerchute",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "BID",
"id": "51022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apc:powerchute:7.1:*:business:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apc:powerchute:7.0.4:*:business:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apc:powerchute:6.0:*:business:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apc:powerchute:*:*:business:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4263"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jun Okada of GLOBAL TECHNOLOGY CORPORATION",
"sources": [
{
"db": "BID",
"id": "51022"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4263",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2011-000100",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4263",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2011-000100",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-079",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. PowerChute Business Edition contains a cross-site scripting vulnerability. PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nAPC PowerChute Business Edition Unspecified Cross-Site Scripting\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA47113\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47113/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47113\n\nRELEASE DATE:\n2011-12-13\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47113/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47113/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47113\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in APC PowerChute Business Edition,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks. \n\nCertain unspecified input is not properly sanitised before being\nreturned to the user. \n\nSOLUTION:\nUpdate to version 8.5. \n\nORIGINAL ADVISORY:\nJVN:\nhttps://jvn.jp/en/jp/JVN61695284/index.html\nhttp://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000100.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "BID",
"id": "51022"
},
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "107938"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4263",
"trust": 3.5
},
{
"db": "JVN",
"id": "JVN61695284",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100",
"trust": 2.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5251",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN#61695284",
"trust": 0.6
},
{
"db": "BID",
"id": "51022",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "47113",
"trust": 0.3
},
{
"db": "IVD",
"id": "58A2B8CE-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107938",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "BID",
"id": "51022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "PACKETSTORM",
"id": "107938"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"id": "VAR-201112-0182",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
}
],
"trust": 1.55
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
}
]
},
"last_update_date": "2023-12-18T12:52:19.662000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PowerChute Business Edition",
"trust": 0.8,
"url": "http://www.apc.com/products/family/index.cfm?id=125\u0026isocountrycode=us"
},
{
"title": "Schneider Electric PowerChute Business Edition has patches for unidentified cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6260"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn61695284/index.html"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2011-000100"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4263"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4263"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn61695284/index.htmlhttp"
},
{
"trust": 0.4,
"url": "http://jvndb.jvn.jp/en/contents/2011/jvndb-2011-000100.html"
},
{
"trust": 0.3,
"url": "http://www.apc.com/products/family/index.cfm?id=125\u0026isocountrycode=us"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47113/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47113/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47113"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "BID",
"id": "51022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "PACKETSTORM",
"id": "107938"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"db": "BID",
"id": "51022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"db": "PACKETSTORM",
"id": "107938"
},
{
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-14T00:00:00",
"db": "IVD",
"id": "58a2b8ce-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"date": "2011-12-12T00:00:00",
"db": "BID",
"id": "51022"
},
{
"date": "2011-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"date": "2011-12-16T07:34:32",
"db": "PACKETSTORM",
"id": "107938"
},
{
"date": "2011-12-07T19:55:01.957000",
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5251"
},
{
"date": "2015-03-19T09:36:00",
"db": "BID",
"id": "51022"
},
{
"date": "2011-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-000100"
},
{
"date": "2011-12-08T14:59:41.547000",
"db": "NVD",
"id": "CVE-2011-4263"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PowerChute Business Edition vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-000100"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "107938"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-079"
}
],
"trust": 0.7
}
}