N/A

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Hikvision Hybrid SAN/Cluster Storage 跨站脚本漏洞

Hikvision Hybrid SAN/Cluster Storage Products是中国海康威视（Hikvision）公司的一系列经济可靠的混合 SAN（存储区域网络）产品。 Hikvision Hybrid SAN/Cluster Storage存在安全漏洞，该漏洞源于 web 模块输入验证不足。攻击者利用该漏洞通过发送带有恶意命令的消息来进行跨站脚本攻击。

N/A

N/A