Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 30 Jun 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application. This could be leveraged to steal session cookies, redirect users, or perform unauthorized actions on behalf of the victim. | |
| Title | Cross-site Scripting in StoneFly Storage Concentrator | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-06-30T22:27:37.001Z
Reserved: 2026-06-22T20:13:36.524Z
Link: CVE-2026-50040
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-30T23:30:04Z