CVE-2021-27887
Last modified
CVE-2021-27887 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions.. EPSS estimates a 0.51% chance of exploitation in the next 30 days.
Description
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hitachiabb-Powergrids | Ellipse Asset Performance Management | >= 5.1.0.0, <= 5.1.0.6 |
| Hitachiabb-Powergrids | Ellipse Asset Performance Management | >= 5.2.0.0, <= 5.2.0.3 |
| Hitachiabb-Powergrids | Ellipse Asset Performance Management | >= 5.3.0.0, <= 5.3.0.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-27887?
How severe is CVE-2021-27887?
How do I fix CVE-2021-27887?
Are you affected by CVE-2021-27887?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST