A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support.
[
{
"product": "Netstorage component of Open Enterprise Server",
"vendor": "OES",
"versions": [
{
"status": "affected",
"version": "OES2015SP1"
},
{
"status": "affected",
"version": "OES2018"
},
{
"status": "affected",
"version": "and OES2018SP1"
}
]
}
]