NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.
[
{
"product": "SnapCenter Server",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "Versions prior to 4.0"
}
]
}
]