CVE Catalog

CVE-2024-30476

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Summary

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, which could lead to script execution in the client browser.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized script execution in user browsers, posing a risk of data theft or session hijacking.

Recommendation

It is recommended to update PowerStore to the latest version and implement appropriate security measures to mitigate the risk of XSS attacks.

Original NVD description (English source)

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS