CVE-2022-33934

Severity: 4.8 MEDIUM
EPSS: 0.2% (top 62.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 10

Description

Dell PowerScale OneFS, versions 8.2.x through 9.4.x, contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.1 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5 | dell/powerscale_onefs | 8.2.x | 9.4.x
NVD | dell/emc_powerscale_onefs | 9.1.0.0 | 9.1.0.23 | +3

Vulnerability Details (2)

CVEList | CVE-2022-33934: Dell PowerScale OneFS, versions 8 | 2023-02-10
GHSA | GHSA-wgmq-p48r-249m: Dell PowerScale OneFS, versions 8 | 2023-02-10
CVE-2022-33934 (MEDIUM CVSS 4.8) | Dell PowerScale OneFS | cvebase.io