CVE-2023-26789
Summary
| CVE | CVE-2023-26789 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-05 13:15:00 UTC |
| Updated | 2023-04-11 14:46:00 UTC |
| Description | Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Veritas | Netbackup Opscenter | 9.1.0.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GitHub - IthacaLabs/Veritas-Technologies | MISC | github.com | |
| Veritas-Technologies/XSS.txt at main · IthacaLabs/Veritas-Technologies · GitHub | MISC | github.com | |
| Veritas-Technologies/XSS_CVE-2023-26789.txt at main · IthacaLabs/Veritas-Technologies · GitHub | MISC | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.