Vulnerability Details CVE-2018-1187
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.4%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- http://seclists.org/fulldisclosure/2018/Mar/50
- http://www.securityfocus.com/bid/103033
- https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/44039/
- http://seclists.org/fulldisclosure/2018/Mar/50
- http://www.securityfocus.com/bid/103033
- https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/44039/
Products affected by CVE-2018-1187
-
cpe:2.3:a:dell:emc_isilon:8.0.0.0
-
cpe:2.3:a:dell:emc_isilon:8.0.0.1
-
cpe:2.3:a:dell:emc_isilon:8.0.0.2
-
cpe:2.3:a:dell:emc_isilon:8.0.0.3
-
cpe:2.3:a:dell:emc_isilon:8.0.0.4
-
cpe:2.3:a:dell:emc_isilon:8.0.0.5
-
cpe:2.3:a:dell:emc_isilon:8.0.0.6
-
cpe:2.3:a:dell:emc_isilon:8.0.1.0
-
cpe:2.3:a:dell:emc_isilon:8.0.1.1
-
cpe:2.3:a:dell:emc_isilon:8.0.1.2
-
cpe:2.3:a:dell:emc_isilon:8.1.0.0
-
cpe:2.3:a:dell:emc_isilon:8.1.0.1