First published: Thu Feb 06 2020(Updated: )
Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC Elastic Cloud Storage | <3.4.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-5317 is classified as a medium severity cross-site scripting (XSS) vulnerability.
To mitigate CVE-2020-5317, upgrade Dell EMC ECS to version 3.4.0.1 or later.
Users of Dell EMC Elastic Cloud Storage versions prior to 3.4.0.1 are affected by CVE-2020-5317.
CVE-2020-5317 is a cross-site scripting (XSS) vulnerability.
Attackers can exploit CVE-2020-5317 by storing malicious HTML or JavaScript in a trusted application data store, which executes in the browsers of victim users.