Cross site scripting

2018-05-1721:29:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.7%

JSON

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.

CPENameOperatorVersion
san_volume_controller_firmwarege6.1.0.0
san_volume_controller_firmwarelt7.5.0.14
san_volume_controller_firmwarege7.7.0.0
san_volume_controller_firmwarelt7.7.1.9
san_volume_controller_firmwarege7.8.0.0
san_volume_controller_firmwarelt7.8.1.6
san_volume_controller_firmwarege8.1.1.0
san_volume_controller_firmwarelt8.1.1.2
san_volume_controller_firmwarege8.1.2.0
san_volume_controller_firmwarelt8.1.2.1

Name	Operator	Version
san_volume_controller_firmware	ge	6.1.0.0
san_volume_controller_firmware	lt	7.5.0.14
san_volume_controller_firmware	ge	7.7.0.0
san_volume_controller_firmware	lt	7.7.1.9
san_volume_controller_firmware	ge	7.8.0.0
san_volume_controller_firmware	lt	7.8.1.6
san_volume_controller_firmware	ge	8.1.1.0
san_volume_controller_firmware	lt	8.1.1.2
san_volume_controller_firmware	ge	8.1.2.0
san_volume_controller_firmware	lt	8.1.2.1