Critical vulnerability in Dell EMC XtremIO XMS
The cross-site scripting vulnerability in Dell EMC XtremIO XMS primarily puts web application users at risk. It allows cybercriminals to execute malicious code on victims’ computers through their web browsers. This vulnerability has been flagged as critical by Dell.
CVE-2019-18578 is a stored cross-site scripting vulnerability in Dell EMC XtremIO XMS versions prior to 6.3.0. When exploited, the vulnerability could allow a low-privileged malicious remote user to store malicious code in application fields.
When victims access the injected web page disguised as a web application, cybercriminals could run malicious code, which will be executed by the victims’ web browsers.
XtremIO from Dell EMC is an enterprise storage platform that works with flash media. The Dell EMC XtremIO platform is designed to improve application performance, courtesy of its data reduction and copy data management capabilities.
At the time of reporting, the CVE-2019-18578 vulnerability is awaiting further analysis.
Cross-Site Scripting (XSS) is a code injection attack, which allows the injection of malicious code into a website or web app. It is regarded as one of the most common website attacks.
As Tenable explains, the attack occurs because the application is taking untrusted data (in this example, from the client) and reusing it without performing any validation or sanitization.
“If the injected script is returned immediately this is known as reflected XSS. If the injected script is stored by the server and returned to any client visiting the affected page, then this is known as persistent XSS (also stored XSS).”
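The stored XSS pattern described above, as an added example (not code from Dell EMC, Tenable or the original article): a field saved by one user is later rendered to other users, first concatenated as-is and then HTML-encoded at output time. The record fields, function names and sample data are hypothetical and constructed for illustration.

```javascript
// Added example: stored XSS in miniature. All names here are hypothetical.

// Constructed sample data: a text field saved by a low-privileged user and
// later displayed to every user who opens the listing page.
const storedRecords = [
  { owner: 'alice', label: 'nightly-backup' },
  { owner: 'mallory', label: '"><script>alert(1)</script>' },
];

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: stored data is concatenated into markup unchanged,
// in both an attribute context (title) and a text context.
function renderUnsafe(records) {
  return records
    .map((r) => `<li title="${r.label}">${r.label} (${r.owner})</li>`)
    .join('\n');
}

// Hardened pattern: every stored value is encoded where it is written out.
function renderSafe(records) {
  return records
    .map((r) => {
      const label = escapeHtml(r.label);
      return `<li title="${label}">${label} (${escapeHtml(r.owner)})</li>`;
    })
    .join('\n');
}

// Simple check used here to compare the two renderings: does the page
// contain a live script element?
function hasInjectedScript(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe render contains script element:', hasInjectedScript(renderUnsafe(storedRecords)));
console.log('safe render contains script element:  ', hasInjectedScript(renderSafe(storedRecords)));
```

Encoding is applied at output rather than at save time so that the stored value stays intact and each rendering context can apply the encoding it needs.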
In the past, we have seen cybercriminals using cross-site scripting (XSS) attacks to steal stored passwords from web browser applications.