Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
Lifecycle Timeline
6DescriptionCVE.org
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
AnalysisAI
A Cross-Site Scripting (XSS) vulnerability exists in the Analytics probe component of Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. The flaw allows authenticated attackers with low privileges to execute malicious scripts in users' browsers, potentially leading to high confidentiality impact, low integrity impact, and low availability impact due to the changed scope (CVSS 8.2). There is no current indication of active exploitation (not in CISA KEV) or publicly available proof-of-concept code.
Technical ContextAI
This vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), commonly known as Cross-Site Scripting. The affected products are Hitachi Infrastructure Analytics Advisor (specifically the Analytics probe component) identified by CPE cpe:2.3:a:hitachi:hitachi_infrastructure_analytics_advisor:*:*:*:*:*:*:*:* and Hitachi Ops Center Analyzer versions from 10.0.0-00 before 11.0.5-00 identified by CPE cpe:2.3:a:hitachi:hitachi_ops_center_analyzer:*:*:*:*:*:*:*:*. These are enterprise infrastructure monitoring and analytics platforms that collect, analyze, and visualize data from storage systems and IT infrastructure. The XSS vulnerability likely exists in web-based dashboard or reporting interfaces where user-supplied input is not properly sanitized before being rendered in the browser, allowing script injection.
RemediationAI
Organizations should upgrade Hitachi Ops Center Analyzer to version 11.0.5-00 or later as specified in the vendor advisory at https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-114/index.html. For Hitachi Infrastructure Analytics Advisor, consult the same advisory for specific patching guidance regarding the Analytics probe component. Until patching is complete, implement defense-in-depth measures including Content Security Policy (CSP) headers to restrict script execution, input validation at application entry points, and Web Application Firewall (WAF) rules to detect and block XSS attempts. Limit access to the analytics interfaces to trusted users and networks, and educate users about the risks of clicking suspicious links or interacting with untrusted content within the application.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15186
GHSA-fx3v-mjwv-84rw