PT-2026-54015 · Stonefly · Storage Concentrator+1

David Yesland

·

Published

2026-06-30

·

Updated

2026-06-30

·

CVE-2026-50040

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application. This could be leveraged to steal session cookies, redirect users, or perform unauthorized actions on behalf of the victim.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-50040

Affected Products

Storage Concentrator
Storage Concentrator Virtual Machine