CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 2CVE-2018-1189 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1189
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. Dell EMC Isilon en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la 8.0.0.6; versiones 7.2.1.x y versión 7.1.1.11 contiene una vulnerabilidad de Cross-Site Scripting (XSS) en la página Antivirus dentro de la interfaz de administración web OneFS. Un administrador malicioso podría inyectar código HTML o JavaScript arbitrario en la sesión del navegador del usuario, en el contexto del sitio web OneFS. Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/44039 http://seclists.org/fulldisclosure/2018/Mar/50 http://www.securityfocus.com/bid/103033 https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •