CVE-2018-6447Cross-site Scripting in Fabric OS

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 46.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Brocade Fabric OSBroadcom Fabric Operating System
Timeline
PublishedSep 25
Latest updateMay 24

Description

A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5brocade/brocade_fabric_osBrocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g

🔴Vulnerability Details

2
GHSA
GHSA-g72w-p563-r83r: A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v92022-05-24
CVEList
CVE-2018-6447: A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v92020-09-25

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution2018-05-21
CVE-2018-6447 — Cross-site Scripting in Fabric OS | cvebase