Cross Site Scripting Issue in PowerChute Business Edition
Issue:
PowerChute Business Edition is vulnerable to Cross Site Scripting (XSS) attacks.
Product Line:
PowerChute Business Edition Agent 9.0.2, 9.0.3, 9.0.4
Environment:
All Supported OS
Cause:
Found during normal testing
Solution:
Mitigation Strategy:
The following mitigation strategies can be employed to reduce or eliminate the potential for this issue to manifest.
• Placing PowerChute Business Edition on a private or secure network (e.g. behind a firewall) reduces the software's exposure to this issue, as unauthorized third-party users will not be able to reach the target machine through the firewall.
• Use the latest browser versions, which have XSS filters enabled by default.
Schneider Electric Action:
The issue will be addressed in the next PowerChute Business Edition release.
NOTE: The issue does not occur in the 9.1.1, 9.2, and 9.2.1 releases.