Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-26789

Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser.

Published

2023-04-05T13:15:06.963

Last Modified

2025-02-13T17:16:12.447

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-79
Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	veritas	netbackup_opscenter	9.1.0.1	Yes

References

https://github.com/IthacaLabs/Veritas-Technologies Third Party Advisory ([email protected])
https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20NetBackUp%20OpsCenter%20Version%209.1.0.1/Reflected%20XSS/XSS.txt Broken Link ([email protected])
https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20NetBackUp%20OpsCenter%20Version%209.1.0.1/Reflected%20XSS/XSS_CVE-2023-26789.txt Third Party Advisory ([email protected])
https://github.com/IthacaLabs/Veritas-Technologies Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20NetBackUp%20OpsCenter%20Version%209.1.0.1/Reflected%20XSS/XSS.txt Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20NetBackUp%20OpsCenter%20Version%209.1.0.1/Reflected%20XSS/XSS_CVE-2023-26789.txt Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)