CVE-2019-3708 HIGH

CVE-2019-3708: Cross-Site Scripting Vulnerability in OVA file upload feature

Vendor Dell Emc
Product Dell EMC IsilonSD Management Server
Published April 17, 2019
Last update September 17, 2024

CVSS base score

8.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.

Key dates

02Disclosure timeline

April 17, 2019 CVE published
September 17, 2024 Record updated