PT-2010-4810 · Dell · Powerstore
R0T
·
Publicado
2010-09-16
·
Atualizado
2017-08-17
·
CVE-2010-3420
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
PowerStore version 3.0
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the
totalRows WADAProducts parameter in the Products Results.php file.Recommendations
For PowerStore version 3.0, update the Products Results.php file to properly sanitize the
totalRows WADAProducts parameter to prevent XSS attacks. As a temporary workaround, consider restricting access to the Products Results.php file until a patch is available.Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Powerstore