CVE-2018-6449 — Cross-site Scripting in Fabric Operating System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 49.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Fabric Operating System Brocade Fabric OS

Timeline

PublishedSep 25

Latest updateMay 24

Description

Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5brocade/brocade_fabric_osBrocade Fabric OS versions before v9.0.0

▶NVDbroadcom/fabric_operating_system< 9.0.0

🔴Vulnerability Details

GHSA

GHSA-58h4-fw5x-m6gj: Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9↗2022-05-24

▶

CVEList

CVE-2018-6449: Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9↗2020-09-25

▶