Description

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.

Related CPE's

o

dell

idrac9_firmware

Vulnerable

References

https://www.dell.com/support/kbdoc/000185293

Vendor Advisory

https://www.dell.com/support/kbdoc/000185293

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-79

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-30T19:15:08.780Z

4 years ago

Last modified

2024-11-21T04:48:33.383Z

1 year ago