Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1201Cross-site Scripting in Dell EMC Isilon

CWE-79Cross-site Scripting5 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
2.2%
top 15.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Dell EMC IsilonDell EMC Isilon Onefs
Timeline
PublishedMar 26
Latest updateMay 14

Description

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

CVEListV5dell_emc/isilon_onefsversions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11
NVDdell/emc_isilon8.0.0.08.0.0.6+3

🔴Vulnerability Details

2
GHSA
GHSA-p4xq-4q7f-j3c5: Dell EMC Isilon versions between 82022-05-14
CVEList
CVE-2018-1201: Dell EMC Isilon versions between 82018-03-26

💥Exploits & PoCs

1
Exploit-DB
Dell EMC Isilon OneFS - Multiple Vulnerabilities2018-02-14

💬Community

1
Bugzilla
CVE-2018-16640 ImageMagick: memory leak in ReadOneJNGImage function in coders/png.c2018-09-07
CVE-2018-1201 — Cross-site Scripting in Dell EMC Isilon | cvebase