CVE-2020-4987

MEDIUM

IBM FlashSystem 900 Firmware < 1.5.2.9 and <= 1.6.1.2 - Stored Cross-Site Scripting

Title source: llm
STIX 2.1

Description

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6449280
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/192702

Scores

CVSS v3 5.4
EPSS 0.0050
EPSS Percentile 39.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
ibm/flashsystem_900_firmware < 1.5.2.9
Published May 04, 2021
Tracked Since Feb 18, 2026