Vulnerability Description
A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. When a victim visits the Event Action/Recipient page (/agent/action_recipient), the embedded code executes in the victim's browser.
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cyberpowersystems | Powerpanel | 3.4.0 |
Related Weaknesses (CWE)
References
- https://www.cyberpowersystems.com/category/advisory-notices/ (Vendor Advisory)
- https://www.exploit-db.com/exploits/47059 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2019-13070?
CVE-2019-13070 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upo...
How severe is CVE-2019-13070?
CVE-2019-13070 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-13070?
Check the references section above for vendor advisories and patch information. Affected products include: Cyberpowersystems Powerpanel.