Published: 21/01/2015 Updated: 03/01/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) prior to 6.5u1 and ViPR SRM prior to 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.

Vulnerable Product	Search on Vulmon	Subscribe to Product
emc watch4net
emc vipr srm

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal This issue allows attackers to replace the report that is shown at startup, the attackers payload will be stored in the user's profile and will be executed every time the victim logs in ...

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4n ...

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net ...

CWE-79 http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html http://www.securityfocus.com/bid/72259 http://www.securitytracker.com/id/1031567 https://nvd.nist.gov https://packetstormsecurity.com/files/130917/EMC-M-R-Watch4net-Web-Portal-Report-Favorites-XSS.html

CVE-2015-0513

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect