Vulnerabilities (CVE)

Filtered by vendor Cyberpowersystems Subscribe
Filtered by product Powerpanel
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13071 1 Cyberpowersystems 1 Powerpanel 2024-02-28 6.8 MEDIUM 8.8 HIGH
CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.
CVE-2019-13070 1 Cyberpowersystems 1 Powerpanel 2024-02-28 3.5 LOW 5.4 MEDIUM
A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient page, the embedded code will be executed in the browser of the victim.