CVE-2019-18588

Published: Jan 10, 2020Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions.

Affected (4)

Products: Dell: Emc Powermax, Emc Unisphere For Powermax

Dell

2 products

Emc Powermax

Emc Unisphere For Powermax

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Powermax	Version 5978.221.221
Dell Emc Powermax	Version 5978.479.479
Dell Emc Unisphere For Powermax	Before 9.0.2.16
Dell Emc Unisphere For Powermax	From 9.1.0.0 to 9.1.0.9

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.