Security Advisory - XSS Vulnerability in Huawei OceanStor ISM

The OceanStor ISM is an integrated system management software product that allows users to manages CSS, view CSS alarms and some other types of basic information, and configure basic functions.

The management interface of the OceanStor ISM has a XSS vulnerability because the system does not escape special characters. As a result, attackers could insert special characters to modify data and compromise the target device. (Vulnerability ID: HWPSIRT-2016-07089).

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6840.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160818-01-ism-en