Cross site scripting

2021-05-0416:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

JSON

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CPENameOperatorVersion
flashsystem_900_firmwarelt1.5.2.9
flashsystem_900_firmwarege1.6.0.0
flashsystem_900_firmwarelt1.6.1.3

Name	Operator	Version
flashsystem_900_firmware	lt	1.5.2.9
flashsystem_900_firmware	ge	1.6.0.0
flashsystem_900_firmware	lt	1.6.1.3

References

exchange.xforce.ibmcloud.com/vulnerabilities/192702

www.ibm.com/support/pages/node/6449280