1. Home
  2. CVE Database
  3. CVE-2019-18578
CRITICAL · 9.0

CVE-2019-18578

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HT...

Vulnerability Description

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application.

CVSS Score

9.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
DellXtremio Management Server< 6.3.0

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2019-18578?

CVE-2019-18578 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HT...

How severe is CVE-2019-18578?

CVE-2019-18578 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-18578?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Xtremio Management Server.