CVE-2021-26587

MEDIUM

HPE StoreOnce < 4.2.3 - DOM-based Cross-Site Scripting

Title source: llm

Description

A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04176en_us

Scores

CVSS v3 6.5

EPSS 0.0030

EPSS Percentile 53.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Details

CWE

CWE-79

Status published

Products (6)

hpe/storeonce_3620_firmware < 4.2.3

hpe/storeonce_3640_firmware < 4.2.3

hpe/storeonce_5200_firmware < 4.2.3

hpe/storeonce_5250_firmware < 4.2.3

hpe/storeonce_5650_firmware < 4.2.3

hpe/storeonce_vsa_4tb_firmware < 4.2.3

Published Sep 27, 2021

Tracked Since Feb 18, 2026