Cross-Site Scripting Vulnerability in NetApp OnCommand System Manager
CVE-2013-3320

6.1MEDIUM

Key Information:

Vendor
Netapp
Status
Oncommand System Manager
Vendor
CVE Published:
29 January 2020

Summary

A Cross-Site Scripting (XSS) vulnerability exists in NetApp OnCommand System Manager versions prior to 2.2. This security flaw allows remote attackers to exploit specific input fields, such as 'full-name' and 'comment', to inject arbitrary web scripts or HTML. This potential attack vector can compromise the integrity of user interactions within the application, highlighting the importance of prompt updates and security measures to mitigate such risks.

References

http://www.securityfocus.com/bid/59688
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/84061
vdb-entryx_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/84060
vdb-entryx_refsource_XF

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.