← back
CVE-2018-1188

CVE-2018-1188

EPSS 1.9%
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
Affected products
Dell EMC · Isilon OneFS
public PoCs found2
cve_referencewww.exploit-db.com/exploits/44039/unverifiedexploitdbwww.exploit-db.com/exploits/44039unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2018/Mar/50https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilitieshttps://www.exploit-db.com/exploits/44039/http://www.securityfocus.com/bid/103033