CVE-2022-29091

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 42.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Dell Unity Operating Environment Dell Unity XT Operating Environment +1 more

Timeline

PublishedMay 26

Latest updateMay 27

Description

Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDdell/unity_xt_operating_environment< 5.2.0.0.5.173

▶NVDdell/unityvsa_operating_environment< 5.2.0.0.5.173

▶CVEListV5dell/unityunspecified — 5.2.0.0.5.173

▶NVDdell/unity_operating_environment< 5.2.0.0.5.173

🔴Vulnerability Details

GHSA

GHSA-h5xq-v95p-wq6m: Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5↗2022-05-27

▶

CVEList

CVE-2022-29091: Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5↗2022-05-26

▶