CVE-2018-1188

4.8MEDIUM

Key Information:

Vendor
Dell
Status
Isilon Onefs
Vendor
CVE Published:
26 March 2018

Summary

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

Affected Version(s)

Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x

References

http://www.securityfocus.com/bid/103033
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2018/Mar/50
mailing-listx_refsource_FULLDISC
https://www.coresecurity.com/advisories/dell-emc-isilon-o...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.