CVE-2025-26514

Medium CVSS: 6.4

StorageGRID (formerly
StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are
susceptible to a Reflected Cross-Site Scripting vulnerability.
Successful exploit could allow an attacker to view or modify
configuration settings or add or modify user accounts but requires the
attacker to know specific information about the target instance and then
trick a privileged user into clicking a specially crafted link.

Vendor

Netapp

Product

Storagegrid

CWE

CWE-79

Yayın Tarihi

2025-09-19 19:15:38

Güncelleme

2025-09-23 14:32:00

Source Identifier

security-alert@netapp.com

KEV Date Added

Kategoriler

CWE-79 Storagegrid MEDIUM Netapp 2025

Referanslar

https://security.netapp.com/advisory/NTAP-20250910-0001

Benzer Kayıtlar

Medium

CVE-2026-22052

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Success…

Medium

CVE-2026-22050

ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a…

High

CVE-2025-26515

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled ar…

Medium

CVE-2025-26516

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Se…

Medium

CVE-2025-26517

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege es…

High

CVE-2025-26513

The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when succ…