Cross Site Scripting Issue in PowerChute Business Edition

Issue:
PowerChute Business Edition is vulnerable to Cross Site Scripting (XSS) attacks.

Product Line:
PowerChute Business Edition Agent 9.0.2, 9.0.3, 9.0.4

Environment:
All Supported OS

Cause:
Found during normal testing

Solution:

Mitigation Strategy:
The following mitigation strategies can be employed to reduce or eliminate the potential for this issue to manifest.

• Placement of PowerChute Business Edition on a private or secure network (e.g. behind a firewall) will reduce the vulnerability of the software as unauthorized 3rd party user will not have access through a firewall to reach the target machine.

• Ensure to use the latest browser versions which have XSS filters enabled by default

Schneider Electric Action:
The issue will be addressed in the next PowerChute Business Edition release.

NOTE: The issue does not occur in the 9.1.1, 9.2, and 9.2.1 releases
_____________________________________________