Cross-Site Scripting Vulnerability in Dell EMC Isilon OneFS Management Interface
CVE-2018-1186

4.8MEDIUM

Key Information:

Vendor

Dell
Status
Isilon Onefs
Vendor
CVE Published:
26 March 2018

What is CVE-2018-1186?

The Dell EMC Isilon OneFS web administration interface is vulnerable to a cross-site scripting (XSS) issue, allowing an attacker with administrative privileges to inject arbitrary HTML or JavaScript. This can result in malicious scripts being executed in the context of a user's browser session while interacting with the OneFS web interface. Such exploitation could compromise user data or facilitate further attacks within the application. The affected versions include specific ranges within 8.1, 8.0, and 7.2.1, posing a significant risk to environments utilizing this platform.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11

References

http://www.securityfocus.com/bid/103033
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2018/Mar/50
mailing-listx_refsource_FULLDISC
https://www.coresecurity.com/advisories/dell-emc-isilon-o...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.