CVE-2020-4987
MEDIUMIBM FlashSystem 900 Firmware < 1.5.2.9 and <= 1.6.1.2 - Stored Cross-Site Scripting
Title source: llmDescription
The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6449280
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/192702
Scores
CVSS v3
5.4
EPSS
0.0050
EPSS Percentile
39.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
ibm/flashsystem_900_firmware
< 1.5.2.9
Published
May 04, 2021
Tracked Since
Feb 18, 2026