CVE-2018-9281
Eaton UPS 9PX 8000 SP product is affected by CVE-2018-9281, which involves a CSRF vulnerability in the change-password functionality that can force a logged-in administrator to silently update the password. The same flaw also enables Reflected Cross-Site Scripting in affected forms, potentially e...