Security Advisory

CVE-2021-27418

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-23 19:46:23

Last updated 2025-04-16 16:41:07

Assigner icscert

State PUBLISHED

Description

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.

← Browse all CVEs View on cve.org ↗