4.8
CVE-2018-1189
- EPSS 5.62%
- Veröffentlicht 26.03.2018 18:29:01
- Zuletzt bearbeitet 21.11.2024 03:59:21
- Quelle security_alert@emc.com
- Teams Watchlist Login
- Unerledigt Login
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Emc Isilon Version >= 7.2.1.0 <= 7.2.1.6
Dell ≫ Emc Isilon Version >= 8.0.0.0 <= 8.0.0.6
Dell ≫ Emc Isilon Version >= 8.0.1.0 <= 8.0.1.2
Dell ≫ Emc Isilon Version >= 8.1.0.0 <= 8.1.0.1
Dell ≫ Emc Isilon Version7.1.1.11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.62% | 0.893 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.