Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1186Cross-site Scripting in Dell EMC Isilon

CWE-79Cross-site Scripting5 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
2.2%
top 15.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Dell EMC IsilonDell EMC Isilon Onefs
Timeline
PublishedMar 26
Latest updateMay 14

Description

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

CVEListV5dell_emc/isilon_onefsversions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11
NVDdell/emc_isilon7.2.1.07.2.1.6+4

🔴Vulnerability Details

2
GHSA
GHSA-2gw8-rmq5-c5gv: Dell EMC Isilon versions between 82022-05-14
CVEList
CVE-2018-1186: Dell EMC Isilon versions between 82018-03-26

💥Exploits & PoCs

1
Exploit-DB
Dell EMC Isilon OneFS - Multiple Vulnerabilities2018-02-14

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-10-292018-10-29
CVE-2018-1186 — Cross-site Scripting in Dell EMC Isilon | cvebase