Cross-Site Scripting Vulnerability in Dell EMC Isilon OneFS Web Administration
CVE-2018-1201
4.8 MEDIUM
Summary
A cross-site scripting vulnerability exists within the Job Operations Page of the OneFS web administration interface in certain versions of Dell EMC Isilon. This vulnerability allows a malicious administrator to inject arbitrary HTML or JavaScript code into a user's browser session while that user interacts with the OneFS web interface. As a result, attackers could execute scripts in the context of the affected user's session, posing significant security risks such as data theft or unauthorized actions.
Affected Version(s)
Isilon OneFS versions 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11
References
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved