← Back

CVE-2024-28973

nvd nist
Published: Jun 26, 2024Modified: Feb 3, 2025

JSON object

Loading...
4.8
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 / Impact: 2.7
Source: NVD

Description

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery

Affected (2)

Dell
1 product
Data Domain Operating System
Configuration A
1 vulnerable · 7 platform
Vulnerable SoftwareAffected Versions
Data Domain Operating System
From 7.0 to 7.13
Running on/withPlatform Versions
Dell
Dd3300
All versions
Dell
Dd6400
All versions
Dell
Dd6900
All versions
Dell
Dd9400
All versions
Dell
Dd9410
All versions
Dell
Dd9900
All versions
Dell
Dd9910
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Data Domain Operating System
Before 5.16.0.0
Running on/withPlatform Versions
Dell
Dm5500
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: security_alert@emc.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.