Cross-Site Scripting Vulnerability in Dell EMC Isilon OneFS Management Interface
CVE-2018-1186

4.8 MEDIUM

Key Information:

Vendor: Dell
CVE Published: 26 March 2018

Summary

The Dell EMC Isilon OneFS web administration interface is vulnerable to a cross-site scripting (XSS) issue that allows an attacker with administrative privileges to inject arbitrary HTML or JavaScript. Injected scripts can then execute in the context of a user's browser session while that user interacts with the OneFS web interface. Such exploitation could compromise user data or facilitate further attacks within the application. The affected versions include specific ranges within 8.1, 8.0, and 7.2.1, posing a significant risk to environments utilizing this platform.

Affected Version(s)

Isilon OneFS versions 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
