CVE-2025-26514 | THREATINT

Description

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to view or modify configuration settings or add or modify user accounts but requires the attacker to know specific information about the target instance and then trick a privileged user into clicking a specially crafted link.

PUBLISHED Reserved 2025-02-11 | Published 2025-09-19 | Updated 2025-09-19 | Assigner netapp

MEDIUM: 6.4CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

Any version before 11.8.0.15

affected

Any version before 11.9.0.8

affected

References

security.netapp.com/advisory/NTAP-20250910-0001

cve.org (CVE-2025-26514)

nvd.nist.gov (CVE-2025-26514)

Download JSON