Reflected Cross-Site Scripting Vulnerability in Veritas NetBackUp OpsCenter
CVE-2023-26789

6.1MEDIUM

Key Information:

Vendor
Veritas
Status
Netbackup Opscenter
Vendor
CVE Published:
5 April 2023

Summary

The Veritas NetBackUp OpsCenter Version 9.1.0.1 contains a vulnerability that allows for reflected cross-site scripting attacks. This vulnerability stems from the application’s insufficient sanitization of special characters, enabling an attacker to inject and execute arbitrary HTML and JavaScript code in the web browser of a user who interacts with the affected application. If exploited, this could lead to significant security risks, including data theft and unauthorized access to sensitive information.

References

https://github.com/IthacaLabs/Veritas-Technologies
https://github.com/IthacaLabs/Veritas-Technologies/blob/m...
https://github.com/IthacaLabs/Veritas-Technologies/blob/m...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-26789 : Reflected Cross-Site Scripting Vulnerability in Veritas NetBackUp OpsCenter | SecurityVulnerability.io