Cross-Site Scripting Vulnerability in IBM OPENBMC OP910
CVE-2021-38961

6.1MEDIUM

Key Information:

Vendor
IBM
Status
Vendor
CVE Published:
27 December 2021

Summary

IBM OPENBMC OP910 is susceptible to cross-site scripting, enabling attackers to inject malicious JavaScript into the web interface. This flaw may allow unauthorized manipulation of functionality, jeopardizing sensitive user credentials within a trusted session. To mitigate risks, it is crucial for users to remain vigilant about potential exploitation and apply necessary patches as soon as they are available.

Affected Version(s)

OPENBMC OP910

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.