CVE-2015-0513

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
emcwatch4net
𝑥
≤ 6.5
emcvipr_srm
𝑥
≤ 3.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
http://www.securityfocus.com/bid/72259
http://www.securitytracker.com/id/1031567
http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
http://www.securityfocus.com/bid/72259
http://www.securitytracker.com/id/1031567