CVE-2017-6225
MEDIUMBrocade Fabric OS < 7.4.2b - Cross-Site Scripting in Web Management Interface
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03851en_us
Scores
CVSS v3
6.1
EPSS
0.0038
EPSS Percentile
59.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (6)
broadcom/fabric_operating_system
8.0.2
broadcom/fabric_operating_system
8.1.1
broadcom/fabric_operating_system
< 7.4.2b
brocade/fabric_os
8.0.1b1
brocade/fabric_os
8.0.2b1
brocade/fabric_os
8.1.0c1
Published
Feb 08, 2018
Tracked Since
Feb 18, 2026