CVE-2018-16096
published 2018-11-27CVE-2018-16096: In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lenovo | system_management_module_firmware | < 1.06 | 1.06 |
| lenovo | thinksystem_smm | >= unspecified < 1.06 | 1.06 |