CVE-2011-1086

Name of the Vulnerable Software and Affected Versions Openfiler version 2.3

Description A cross-site scripting (XSS) issue exists in the admin/system.html file, allowing remote attackers to inject arbitrary web script or HTML via the device parameter. This enables attackers to potentially execute malicious scripts on the victim's browser.

Recommendations For Openfiler version 2.3, update the software to a version that fixes this issue, as the current version allows for the injection of malicious scripts via the device parameter in the admin/system.html file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.