Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-44286

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-14 Dec, 2023 | 15:35
Updated At-02 Aug, 2024 | 19:59
Rejected At-
Credits

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:14 Dec, 2023 | 15:35
Updated At:02 Aug, 2024 | 19:59
Rejected At:
▼CVE Numbering Authority (CNA)

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Affected Products
Vendor
Dell Inc.Dell
Product
PowerProtect DD
Default Status
unaffected
Versions
Affected
  • Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110ersions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Dell Technologies would like to thank Jakub Brzozowski (redfr0g), Franciszek Kalinowski, and Stanisław Koza from STM Cyber for reporting these issues.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
vendor-advisory
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:14 Dec, 2023 | 16:15
Updated At:27 Dec, 2023 | 19:30

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Dell Inc.
dell
>>powerprotect_data_protection>>Versions before 2.7.6(exclusive)
cpe:2.3:a:dell:powerprotect_data_protection:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>dp4400>>-
cpe:2.3:h:dell:dp4400:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>dp5900>>-
cpe:2.3:h:dell:dp5900:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>apex_protection_storage>>Versions before 6.2.1.110(exclusive)
cpe:2.3:a:dell:apex_protection_storage:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>apex_protection_storage>>Versions from 7.0(inclusive) to 7.10.1.15(exclusive)
cpe:2.3:a:dell:apex_protection_storage:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain>>Versions before 6.2.1.110(exclusive)
cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:virtual:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain>>Versions from 7.0(inclusive) to 7.12.0.0(exclusive)
cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:virtual:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain_management_center>>Versions before 6.2.1.110(exclusive)
cpe:2.3:a:dell:powerprotect_data_domain_management_center:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain_management_center>>Versions from 7.0(inclusive) to 7.13.0.10(exclusive)
cpe:2.3:a:dell:powerprotect_data_domain_management_center:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_data_domain_os>>Versions before 6.2.1.110(exclusive)
cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_data_domain_os>>Versions from 7.0(inclusive) to 7.12.0.0(exclusive)
cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_data_domain_os>>Versions from 7.7(inclusive) to 7.7.5.25(exclusive)
cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2022:*:*:*
Dell Inc.
dell
>>emc_data_domain_os>>Versions from 7.10(inclusive) to 7.10.1.15(exclusive)
cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2023:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain_management_center>>Versions from 7.7(inclusive) to 7.7.5.25(exclusive)
cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2022:*:*:*
Dell Inc.
dell
>>powerprotect_data_domain_management_center>>Versions from 7.10(inclusive) to 7.10.1.15(exclusive)
cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2023:*:*:*
Dell Inc.
dell
>>dd3300>>-
cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>dd6400>>-
cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>dd6900>>-
cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>dd9400>>-
cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>dd9900>>-
cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE-79Secondarysecurity_alert@emc.com
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-79
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

9136Records found
CVE-2025-36605
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 24.51%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:04
Updated-15 Aug, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21577
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 50.21%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 15:30
Updated-17 Sep, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21541
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.76% / 72.38%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 20:55
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21576
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 50.21%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 15:30
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-29091
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 56.77%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentunityvsa_operating_environmentunity_xt_operating_environmentUnity
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-29096
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.48% / 64.20%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 17:00
Updated-16 Sep, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5334
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.71% / 71.24%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-26198
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 53.05%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 15:50
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac9Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21581
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 47.87%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 15:30
Updated-16 Sep, 2024 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5336
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-4.6||MEDIUM
EPSS-0.62% / 69.08%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-17 Sep, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-33929
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 16:31
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22454
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-1.10% / 77.12%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 07:35
Updated-09 May, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2021-36322
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.67% / 70.44%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections.

Action-Not Available
Vendor-Dell Inc.
Product-x1008px1018_firmwarex4012x1052p_firmwarex1008p_firmwarex1026x4012_firmwarex1026p_firmwarex1018p_firmwarex1018x1026px1008_firmwarex1052_firmwarex1052x1026_firmwarex1008x1018px1052pNetworking X-Series
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-45102
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 52.36%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 05:11
Updated-26 Mar, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections.

Action-Not Available
Vendor-Dell Inc.
Product-dp5900emc_data_protection_centraldp5900_firmwaredp4400_firmwaredp4400Data Protection Central
CWE ID-CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2025-24381
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.09% / 27.20%
||
7 Day CHG-0.06%
Published-28 Mar, 2025 | 02:23
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-21578
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.52% / 65.92%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 15:30
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-21549
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.97%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 20:05
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations.

Action-Not Available
Vendor-Dell Inc.
Product-xtremio_management_serverxtremio_x1xtremio_x2XtremIO
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-21579
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.53% / 66.35%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 15:30
Updated-16 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-34367
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.4||MEDIUM
EPSS-0.22% / 44.20%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 20:55
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, 19.6, contain(s) a Cross-Site Request Forgery Vulnerability. A(n) remote unauthenticated attacker could potentially exploit this vulnerability, leading to processing of unintended server operations.

Action-Not Available
Vendor-Dell Inc.
Product-emc_data_protection_centralData Protection Central
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-34448
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.60%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:51
Updated-26 Mar, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28069
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 48.63%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 07:41
Updated-10 Feb, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

Action-Not Available
Vendor-Dell Inc.
Product-streaming_data_platformStreaming Data Platform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-5329
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 42.62%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 15:55
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.

Action-Not Available
Vendor-Dell Inc.
Product-emc_avamar_serverAvamar
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-22552
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.9||MEDIUM
EPSS-0.21% / 43.41%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 20:15
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations.

Action-Not Available
Vendor-Dell Inc.
Product-emc_appsyncAppSync
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2019-3718
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.24% / 46.92%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 19:58
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.

Action-Not Available
Vendor-Dell Inc.
Product-supportassistSupportAssist Client
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-18573
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.7||HIGH
EPSS-0.23% / 45.94%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 20:50
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.

Action-Not Available
Vendor-Dell Inc.
Product-rsa_identity_governance_and_lifecycleRSA Identity Governance & Lifecycle
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CWE ID-CWE-384
Session Fixation
CVE-2024-29169
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.4||MEDIUM
EPSS-0.55% / 66.80%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 15:13
Updated-20 May, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway-ApplicationSecure Connect Gateway-Appliancesecure_connect_gateway_applicationsecure_connect_gateway_appliance
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-5337
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.6||MEDIUM
EPSS-0.16% / 37.74%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-5335
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-0.08% / 23.79%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-21510
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.82% / 73.41%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 21:45
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.

Action-Not Available
Vendor-Dell Inc.
Product-idrac8_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-29498
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 42.62%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 21:15
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-24905
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.08% / 24.82%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 13:19
Updated-20 May, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Action-Not Available
Vendor-Dell Inc.
Product-policy_manager_for_secure_connect_gatewaySecure Connect Gateway (SCG) Policy Managersecure_connect_gateway_policy_manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24904
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.08% / 24.82%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 13:24
Updated-20 May, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Action-Not Available
Vendor-Dell Inc.
Product-policy_manager_for_secure_connect_gatewaySecure Connect Gateway (SCG) Policy Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24906
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.08% / 24.82%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 13:06
Updated-20 May, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Action-Not Available
Vendor-Dell Inc.
Product-policy_manager_for_secure_connect_gatewaySecure Connect Gateway (SCG) Policy Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22230
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.44% / 62.22%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:45
Updated-19 Aug, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim's browser.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0169
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.52% / 65.70%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:13
Updated-24 Apr, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-36577
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:43
Updated-11 Jul, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-36580
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.04% / 10.74%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:39
Updated-11 Jul, 2025 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1246
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.18% / 39.57%
||
7 Day CHG~0.00%
Published-28 Sep, 2018 | 18:00
Updated-17 Sep, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentDell EMC UnityVSADell EMC Unity
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18574
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-0.25% / 47.92%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 20:20
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.

Action-Not Available
Vendor-Dell Inc.RSA Security LLCELAN Microelectronics Corporation
Product-rsa_authentication_managerauthentication_managerRSA Authentication Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1186
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-2.16% / 83.58%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilonIsilon OneFS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1188
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-2.16% / 83.58%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilonIsilon OneFS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1201
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-2.16% / 83.58%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-17 Sep, 2024 | 03:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilonIsilon OneFS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1202
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-2.16% / 83.58%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilonIsilon OneFS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1187
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-2.18% / 83.66%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilonIsilon OneFS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-43065
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.77%
||
7 Day CHG~0.00%
Published-23 Oct, 2023 | 14:55
Updated-11 Sep, 2024 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentunityvsa_operating_environmentunity_xt_operating_environmentUnity
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-27693
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 16.31%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:19
Updated-11 Jul, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1189
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-5.62% / 89.96%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilonIsilon OneFS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0330
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.43% / 79.87%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.

Action-Not Available
Vendor-n/aDell Inc.
Product-kace_k1000_systems_management_appliance_softwarekace_k1000_systems_management_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23379
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.5||LOW
EPSS-0.04% / 10.18%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 15:25
Updated-13 May, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21515
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9||CRITICAL
EPSS-0.26% / 48.79%
||
7 Day CHG~0.00%
Published-01 Mar, 2021 | 20:25
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server.

Action-Not Available
Vendor-Dell Inc.
Product-emc_sourceoneSourceOne
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 182
  • 183
  • Next
Details not found