Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2018-1188 — Cross-site Scripting in Dell EMC Isilon
Severity
4.8MEDIUMNVD
EPSS
2.2%
top 15.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMar 26
Latest updateMay 14
Description
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7
Affected Packages3 packages
▶CVEListV5dell_emc/isilon_onefsversions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x
🔴Vulnerability Details
4GHSA▶
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins↗2018-10-17
💥Exploits & PoCs
1💬Community
3Bugzilla▶
CVE-2018-2790 OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)↗2018-04-17
Bugzilla▶
CVE-2018-2815 OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757)↗2018-04-14
Bugzilla▶
CVE-2018-2798 OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989)↗2018-04-14