CVE-2017-6225 — Cross-site Scripting in Fabric Operating System

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

1.1%

top 22.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Fabric Operating System Brocade Communications Systems INC Brocade Fabric OS Brocade Fabric OS

Timeline

PublishedFeb 8

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDbrocade/fabric_os8.0.1b1, 8.0.2b1, 8.1.0c1+2

▶CVEListV5brocade_communications_systems_inc/brocade_fabric_osall versions before 7.4.2b, v8.1.2 and 8.2.0

▶NVDbroadcom/fabric_operating_system< 7.4.2b+2

🔴Vulnerability Details

GHSA

GHSA-rxhr-m56g-6fm6: Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) v↗2022-05-13

▶

CVEList

CVE-2017-6225: Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) v↗2018-02-08

▶

💥Exploits & PoCs

Exploit-DB

iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free↗2019-01-25

▶

💬Community

Bugzilla

CVE-2016-6225 percona-xtrabackup: Encryption IV not being set properly↗2017-01-13

▶