CVE-2019-18588Cross-site Scripting in Dell Unisphere FOR Powermax

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.5%
top 32.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Dell Unisphere FOR PowermaxDell EMC Unisphere FOR PowermaxDell EMC Powermax
Timeline
PublishedJan 10
Latest updateMay 24

Description

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

CVEListV5dell/unisphere_for_powermaxunspecified9.1.0.9 and 9.0.2.16
NVDdell/emc_powermax5978.221.221, 5978.479.479+1
NVDdell/emc_unisphere9.1.0.09.1.0.9+1

🔴Vulnerability Details

2
GHSA
GHSA-5qmp-8h68-wq8j: Dell EMC Unisphere for PowerMax versions prior to 92022-05-24
CVEList
CVE-2019-18588: Dell EMC Unisphere for PowerMax versions prior to 92020-01-10
CVE-2019-18588 — Cross-site Scripting in Dell | cvebase