Cross Site Scripting Issue in PowerChute Business Edition
PowerChute Business Edition is vulnerable to Cross Site Scripting (XSS) attacks.
PowerChute Business Edition Agent 9.0.3
All Supported OS
Found during normal testing
The following mitigation strategies can be employed to reduce or eliminate the potential for this issue to manifest.
• Placement of PowerChute Business Edition on a private or secure network (e.g. behind a firewall) will reduce the vulnerability of the software as unauthorized 3rd party user will not have access through a firewall to reach the target machine.
• Ensure to use the latest browser versions which have XSS filters enabled by default
Schneider Electric Action:
The issue will be addressed in the next PowerChute Business Edition release.
NOTE: The issue does not occur in the 9.1.1 and 9.2 releases