PT-2010-4810 · Dell · Powerstore
R0T
·
Published
2010-09-16
·
Updated
2017-08-17
·
CVE-2010-3420
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
PowerStore version 3.0
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the
totalRows WADAProducts parameter in the Products Results.php file.Recommendations
For PowerStore version 3.0, update the Products Results.php file to properly sanitize the
totalRows WADAProducts parameter to prevent XSS attacks. As a temporary workaround, consider restricting access to the Products Results.php file until a patch is available.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Powerstore