Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser.
References
Configurations
History
11 Apr 2023, 14:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Veritas
Veritas netbackup Opscenter |
|
CWE | CWE-79 | |
References | (MISC) https://github.com/IthacaLabs/Veritas-Technologies - Third Party Advisory | |
References | (MISC) https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20NetBackUp%20OpsCenter%20Version%209.1.0.1/Reflected%20XSS/XSS_CVE-2023-26789.txt - Third Party Advisory | |
References | (MISC) https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20NetBackUp%20OpsCenter%20Version%209.1.0.1/Reflected%20XSS/XSS.txt - Broken Link | |
CPE | cpe:2.3:a:veritas:netbackup_opscenter:9.1.0.1:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
10 Apr 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Apr 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-05 13:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-26789
Mitre link : CVE-2023-26789
CVE.ORG link : CVE-2023-26789
JSON object : View
Products Affected
veritas
- netbackup_opscenter
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')