Vulnerabilities > Vertiv > Avocent UMG 4000 Firmware

DATE CVE VULNERABILITY TITLE RISK
2020-03-30 CVE-2019-9509 Cross-site Scripting vulnerability in Vertiv Avocent Umg-4000 Firmware 4.2.1.19
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter.
network
low complexity
vertiv CWE-79
5.4
2020-03-30 CVE-2019-9508 Cross-site Scripting vulnerability in Vertiv Avocent Umg-4000 Firmware 4.2.1.19
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS.
network
low complexity
vertiv CWE-79
3.5
2020-03-30 CVE-2019-9507 Command Injection vulnerability in Vertiv Avocent Umg-4000 Firmware 4.2.1.19
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing.
network
low complexity
vertiv CWE-77
7.2