7 matches found
CVE-2018-1202
CVE-2018-1202 is a cross-site scripting vulnerability in the Dell EMC Isilon OneFS NDMP web page. The weakness arises in the OneFS Web administration interface where NDMP page input can inject HTML/JS into the user’s browser session. Affected are Isilon OneFS versions 8.0.0.0–8.0.0.6, 8.0.1.0–8.0...
CVE-2018-1201
Dell EMC Isilon OneFS Web Console (Job Operations Page) is affected by cross-site scripting (CVE-2018-1201) across multiple releases (8.0.x, 8.1.x, 7.2.1.x, 7.1.1.11). Root cause: insufficient input sanitization in several endpoints (e.g., job/policies, cluster/identity, network, etc.) that proce...
CVE-2018-1186
Dell EMC Isilon OneFS Web Console (Cluster description) contains cross-site scripting vulnerabilities across multiple versions. Affected: OneFS Web administration interface in Isilon clusters running 7.1.1.11, 7.2.1.x, 8.0.0.0–8.0.0.6, 8.0.1.0–8.0.1.2, 8.1.0.0–8.1.0.1. The root cause is insuffici...
CVE-2018-1187
Dell EMC Isilon OneFS (web UI) vulnerabilities: multiple XSS issues in the Network Configuration and related Web Console endpoints (CVE-2018-1187 and related CVEs such as 2018-1186, 1188, 1189, 1201–1204, 1213) allow remote injection of HTML/JS by authenticated users. Industry advisories (Core Se...
CVE-2018-1188
CVE-2018-1188 is a cross-site scripting vulnerability affecting Dell EMC Isilon OneFS Web UI (Authorization Providers page). Affected are OneFS versions 8.1.0.0–8.1.0.1, 8.0.1.0–8.0.1.2, 8.0.0.0–8.0.0.6, and 7.2.1.x. The issue arises from XSS in the Authorization Providers page, allowing injectio...
CVE-2018-1189
CVE-2018-1189 affects Dell EMC Isilon OneFS Web Console (Antivirus page) and is a cross-site scripting vulnerability. The issue arises in the Antivirus page of the OneFS web administration interface, enabling a malicious administrator to inject arbitrary HTML/JavaScript in a user’s browser sessio...
CVE-2020-5383
CVE-2020-5383 affects Dell EMC Isilon OneFS 8.2.2 and Dell EMC PowerScale OneFS 9.0.0. The vulnerability is a buffer overflow in the Likewise component that can be exploited by a remote, unauthenticated attacker to cause a process restart. Exploitation details are not provided in the supplied doc...