CVE-2019-3754 — Cross-site Scripting in EMC Unity Operating Environment

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA4.7

EPSS

0.2%

top 63.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Unity Operating Environment Dell EMC Unityvsa Operating Environment Dell EMC Vnxe3200 Operating Environment +3 more

Timeline

PublishedSep 3

Latest updateMay 24

Description

Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web bro…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

▶CVEListV5dell_emc/unityvsa_operating_environmentunspecified — 5.0.0.0.5.116

▶NVDdell/emc_unityvsa_operating_environment< 5.0.0.0.5.116

▶CVEListV5dell_emc/unity_operating_environmentunspecified — 5.0.0.0.5.116

▶NVDdell/emc_unity_operating_environment< 5.0.0.0.5.116

▶CVEListV5dell_emc/vnxe3200_operating_environmentunspecified — 3.1.10.9946299

🔴Vulnerability Details

GHSA

GHSA-836g-4hmv-f4fc: Dell EMC Unity Operating Environment versions prior to 5↗2022-05-24

▶

CVEList

CVE-2019-3754: Dell EMC Unity Operating Environment versions prior to 5↗2019-09-03

▶