Tripp Lite Stored XSS
Tripp Lite: CVE 2020-26801: SU2200RTXL2UA
A stored XSS vulnerability was discovered on the Tripp Lite SU2200RTXL2UA UPS device.
CVE-2020-26801 - Stored XSS
Affected Device Details
Proof of Concept
Conclusion and Recommendation
The Tripp Lite SU2200RTXL2UA is still being sold by Tripp Lite and it is unknown at this time whether or not CVE-2020-26801 has been fixed in the most recent firmware versions. If you own one of these devices, you may be able to disable the web interface functionality. Disabling the web interface would effectively mitigate any potential risk imposed by this vulnerability.
Tripp Lite SU2200RTXL2UA, https://www.tripplite.com/support/su2200rtxl2ua
MITRE CVE, https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26801