Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1202Cross-site Scripting in Dell EMC Isilon

CWE-79Cross-site Scripting5 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
2.2%
top 15.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Dell EMC IsilonDell EMC Isilon Onefs
Timeline
PublishedMar 26
Latest updateMay 14

Description

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

CVEListV5dell_emc/isilon_onefsversions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6 and version 7.1.1.11
NVDdell/emc_isilon8.0.0.08.0.0.6+3

🔴Vulnerability Details

2
GHSA
GHSA-4rq9-cr85-x54x: Dell EMC Isilon versions between 82022-05-14
CVEList
CVE-2018-1202: Dell EMC Isilon versions between 82018-03-26

💥Exploits & PoCs

1
Exploit-DB
Dell EMC Isilon OneFS - Multiple Vulnerabilities2018-02-14

💬Community

1
Bugzilla
CVE-2018-2811 Oracle JDK: unspecified vulnerability fixed in 8u171 and 10.0.1 (Install)2018-04-18
CVE-2018-1202 — Cross-site Scripting in Dell EMC Isilon | cvebase