The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/192702 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6449280 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2021-05-03T00:00:00
Updated: 2021-05-14T11:33:34
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-4987
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-04T16:15:07.827
Modified: 2022-01-01T18:03:56.647
Link: CVE-2020-4987
JSON object: View
Redhat Information
No data.
CWE