Cross-Site Scripting Vulnerability in IBM OPENBMC OP910
CVE-2021-38961

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Openbmc
Vendor: CVE Published:; 27 December 2021

Summary

IBM OPENBMC OP910 is susceptible to cross-site scripting, enabling attackers to inject malicious JavaScript into the web interface. This flaw may allow unauthorized manipulation of functionality, jeopardizing sensitive user credentials within a trusted session. To mitigate risks, it is crucial for users to remain vigilant about potential exploitation and apply necessary patches as soon as they are available.

Affected Version(s)

OPENBMC OP910

References

https://www.ibm.com/support/pages/node/6536720

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/212049

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 27, 2021
Vulnerability Reserved
Aug 16, 2021