Vulnerability Details CVE-2018-1189
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 89.8%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- http://seclists.org/fulldisclosure/2018/Mar/50
- http://www.securityfocus.com/bid/103033
- https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/44039/
- http://seclists.org/fulldisclosure/2018/Mar/50
- http://www.securityfocus.com/bid/103033
- https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/44039/
Products affected by CVE-2018-1189
-
cpe:2.3:a:dell:emc_isilon:7.1.1.11
-
cpe:2.3:a:dell:emc_isilon:7.2.1.0
-
cpe:2.3:a:dell:emc_isilon:7.2.1.1
-
cpe:2.3:a:dell:emc_isilon:7.2.1.2
-
cpe:2.3:a:dell:emc_isilon:7.2.1.3
-
cpe:2.3:a:dell:emc_isilon:7.2.1.4
-
cpe:2.3:a:dell:emc_isilon:7.2.1.5
-
cpe:2.3:a:dell:emc_isilon:7.2.1.6
-
cpe:2.3:a:dell:emc_isilon:8.0.0.0
-
cpe:2.3:a:dell:emc_isilon:8.0.0.1
-
cpe:2.3:a:dell:emc_isilon:8.0.0.2
-
cpe:2.3:a:dell:emc_isilon:8.0.0.3
-
cpe:2.3:a:dell:emc_isilon:8.0.0.4
-
cpe:2.3:a:dell:emc_isilon:8.0.0.5
-
cpe:2.3:a:dell:emc_isilon:8.0.0.6
-
cpe:2.3:a:dell:emc_isilon:8.0.1.0
-
cpe:2.3:a:dell:emc_isilon:8.0.1.1
-
cpe:2.3:a:dell:emc_isilon:8.0.1.2
-
cpe:2.3:a:dell:emc_isilon:8.1.0.0
-
cpe:2.3:a:dell:emc_isilon:8.1.0.1