Cross-Site Scripting Vulnerability in IBM Storwize V7000 Unified
CVE-2013-5376

Currently unrated

Key Information:

Vendor: IBM
Status: Storwize V7000 Unified Software; Storwize V7000 Unified
Vendor: CVE Published:; 17 October 2013

What is CVE-2013-5376?

The XSS vulnerability in IBM Storwize V7000 Unified versions 1.3.x and 1.4.x prior to 1.4.2.0 allows remote authenticated users to execute arbitrary web scripts or HTML on affected systems. This risk is amplified through 'cross frame scripting' attacks, potentially affecting administrative users by allowing unauthorized manipulation of the web interface.

References

http://www.ibm.com/support/docview.wss?uid=ssg1S1004452

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/86902

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2013
Vulnerability Reserved
Aug 22, 2013