CVE-2025-26514
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-09-23
Assigner: NetApp, Inc.
Description
Description
StorageGRID (formerly
StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are
susceptible to a Reflected Cross-Site Scripting vulnerability.
Successful exploit could allow an attacker to view or modify
configuration settings or add or modify user accounts but requires the
attacker to know specific information about the target instance and then
trick a privileged user into clicking a specially crafted link.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netapp | storagegrid | to 11.8.0.15 (exc) |
| netapp | storagegrid | From 11.9.0 (inc) to 11.9.0.8 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
