exploitDog

GHSA-5wwq-x656-63fj

Опубликовано: 01 июл. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Ссылки

EPSS

Процентиль: 4%

0.0002

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-2141

CVSS3: 6.1

nvd

7 месяцев назад

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

BDU:2025-09842

CVSS3: 6.1

fstec

7 месяцев назад

Уязвимость веб-интерфейса платформы виртуализации систем хранения данных IBM System Storage Virtualization Engine, позволяющая нарушителю выполнить произвольный JavaScript-код и раскрыть защищаемую информацию

EPSS

Процентиль: 4%

0.0002

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79