Security Advisory - Cross-Site Scripting (XSS)

A recent automated security scan of the File Fabric detected a potential XSS issue in v1906. Although we are not aware of any real-world exploits taking advantage of this issue, as is our standard practice we are issuing this advisory with the recommended resolution.

Please note that this issue does not exist in versions of the File Fabric later than v1906.09.

Please follow these instructions:

https://docs.storagemadeeasy.com/cloudappliance/2006/upgrade-guide

to upgrade your File Fabric to the latest version, v2006.03.

Although we strongly recommend upgrading to v2006.03 as described above, customers using v1906.09 also have the option of applying a patch to resolve the issue.

The patch can be downloaded here:

https://download.storagemadeeasy.com/patches/patch_public_html_1906.09.09_SME-5791.tar.gz

and instructions for applying a patch are here:

https://docs.storagemadeeasy.com/cloudappliance/patches

If you are running v1906 with a service pack older than 1906.09, you should first upgrade to v1906.09 by following these instructions:

https://docs.storagemadeeasy.com/cloudappliance/1906/upgrade-guide

and then apply the patch as described above.

Please contact us at support@storagemadeeasy.com if you have any questions.