Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability (NMC3 RPDU2G)

Issue:
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists when an outlet user can create an “outlet link” that could allow the security token for a superuser to be forwarded to a machine controlled by the attacker, allowing the user to access the system with elevated privileges. Specifying all links as no referrer blocks the security token from being sent.
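
The mitigation described above, as an added example (not code from this advisory or from the NMC firmware): a renderer that emits user-defined outlet links with the referrer suppressed, and a check that flags anchors that would still send one. It assumes the security token is exposed through the management page's URL, which is what the Referer header carries; all function names are hypothetical.

```javascript
// Added example: hypothetical names, not the NMC firmware's code.
const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ESC[c]);

// Render a user-defined outlet link. Only absolute http(s) URLs become anchors;
// anything else (javascript:, data:, malformed) is shown as inert, escaped text.
function renderOutletLink(label, href) {
  let url;
  try { url = new URL(href); } catch { return escapeHtml(label); }
  if (url.protocol !== "http:" && url.protocol !== "https:") return escapeHtml(label);
  // rel=noreferrer and referrerpolicy=no-referrer both suppress the Referer header,
  // so the URL of the management page (assumed to carry the session token) is not
  // sent to the link target when a superuser follows the link.
  return `<a href="${escapeHtml(url.href)}" rel="noreferrer noopener" ` +
         `referrerpolicy="no-referrer" target="_blank">${escapeHtml(label)}</a>`;
}

// Audit rendered HTML: return the href of every anchor that would still send a Referer.
function anchorsLeakingReferrer(html) {
  const leaks = [];
  for (const [tag] of html.matchAll(/<a\b[^>]*>/gi)) {
    const rel = (/\brel\s*=\s*"([^"]*)"/i.exec(tag) || [, ""])[1].toLowerCase().split(/\s+/);
    const policy = (/\breferrerpolicy\s*=\s*"([^"]*)"/i.exec(tag) || [, ""])[1].toLowerCase();
    if (!rel.includes("noreferrer") && policy !== "no-referrer") {
      leaks.push((/\bhref\s*=\s*"([^"]*)"/i.exec(tag) || [, ""])[1]);
    }
  }
  return leaks;
}

// Response header that applies the same policy to every link on the page.
const REFERRER_POLICY_HEADER = ["Referrer-Policy", "no-referrer"];
```

Running `anchorsLeakingReferrer` over a saved copy of a management page is a quick way to confirm that no link is rendered without the referrer suppressed.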

Product Lines:
Product                          Version
AP7xxxx and AP8xxx with NMC2     V6.9.6 or earlier
AP7xxx and AP8xxx with NMC3      v1.1.0.3 or earlier
APDU9xxx with NMC3               v1.0.0.28 or earlier


Solution:
A firmware update has been made available to address CWE-79, and has been attached to this article. Use the chart below to select the proper firmware version.
 
AP7xxxx and AP8xxx with NMC2: v7.0.6 of the Rack PDU firmware includes a fix for this vulnerability and is available for download here
AP7xxx and AP8xxx with NMC3: v1.2.0.2 of the Rack PDU firmware includes a fix for this vulnerability and is available for download here
APDU9xxx with NMC3: v1.2.0.2 of the Rack PDU firmware includes a fix for this vulnerability and is available for download here
