Huawei Oceanstor Ism V200r001c01 Cross Site Scripting Vulnerability
15 Dec. 2016
Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other vectors.
* Huawei Oceanstor Ism V200r001c01
* Huawei Oceanstor Ism V200r001c02
* Huawei Oceanstor Ism V200r001c03
The ISM consists of device management software, cloud storage management software, and storage network management software. The device management software, downloaded over JWS or installed through a CD-ROM, is applies to the management of Huawei Symantec storage devices, the cloud storage management software applies to the management of Huawei Symantec storage devices and resources and the storage network management software applies to the management of Huawei Symantec SAN storage devices. The cloud storage management software and storage network management software are deployed on independent servers and users can access the software through browsers.