CVE-2012-4955

Published: Nov 15, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (18)

Products: Dell: Openmanage Server Administrator

1 product

Openmanage Server Administrator

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Dell Openmanage Server Administrator	Up to 6.5.0
Dell Openmanage Server Administrator	Version 1.00.0000
Dell Openmanage Server Administrator	Version 4.3.0
Dell Openmanage Server Administrator	Version 4.4.0
Dell Openmanage Server Administrator	Version 4.5.0
Dell Openmanage Server Administrator	Version 5.0.0
Dell Openmanage Server Administrator	Version 5.1.0.1
Dell Openmanage Server Administrator	Version 5.1.0
Dell Openmanage Server Administrator	Version 5.2.0
Dell Openmanage Server Administrator	Version 5.3.0
Dell Openmanage Server Administrator	Version 5.4.0
Dell Openmanage Server Administrator	Version 5.5.0.1
Dell Openmanage Server Administrator	Version 5.5.0
Dell Openmanage Server Administrator	Version 6.2.0
Dell Openmanage Server Administrator	Version 6.3.0
Dell Openmanage Server Administrator	Version 6.4.0
Dell Openmanage Server Administrator	Version 7.0.0
Dell Openmanage Server Administrator	Version 7.1.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (16)

http://osvdb.org/87405

Source: cret@cert.org

http://secunia.com/advisories/51297

Source: cret@cert.org

http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=5JDN0&osCode=WNET&fileId=3082293694

Source: cret@cert.org

Patch

http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=JJMWP&osCode=WNET&fileId=3082295338

Source: cret@cert.org

Patch

http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=PCXMR&osCode=WNET&fileId=3082295344

Source: cret@cert.org

Patch

http://www.kb.cert.org/vuls/id/558132

Source: cret@cert.org

US Government Resource

http://www.securityfocus.com/bid/56518

Source: cret@cert.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/80071

Source: cret@cert.org

http://osvdb.org/87405

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/51297

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=5JDN0&osCode=WNET&fileId=3082293694

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=JJMWP&osCode=WNET&fileId=3082295338

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=PCXMR&osCode=WNET&fileId=3082295344

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.kb.cert.org/vuls/id/558132

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/bid/56518

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/80071

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.