CVE-2009-1798

APC Network Management Card - Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1798. PoCs published by Jamal Pecou.

AI-analyzed exploit summary The provided text describes CVE-2009-1798, which involves cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in APC Network Management Card firmware versions prior to 3.7.2 and 5.1.1. It includes an example XSS payload but lacks executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Jamal Pecou · textremotemultiple
https://www.exploit-db.com/exploits/33405

The provided text describes CVE-2009-1798, which involves cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in APC Network Management Card firmware versions prior to 3.7.2 and 5.1.1. It includes an example XSS payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: APC Network Management Card Firmware < 3.7.2, < 5.1.1
No auth needed
Prerequisites: Victim interaction required for XSS · Network access to the vulnerable device
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources x_refsource_misc
http://holisticinfosec.org/content/view/111/45/
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/166739
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37744

Scores

EPSS 0.0199
EPSS Percentile 78.3%

Details

CWE
CWE-79
Status published
Products (2)
apc/network_management_card
apc/switched_rack_pdu
Published Dec 28, 2009
Tracked Since Feb 18, 2026