CVE-2022-33935 — Cross-site Scripting in Dell Data Protection Advisor

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 53.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Data Protection Advisor Dell EMC Data Protection Advisor

Timeline

PublishedAug 30

Latest updateAug 31

Description

Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-s…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5dell/data_protection_advisorunspecified — 19.5

▶NVDdell/emc_data_protection_advisor19.6

Patches

Patch: www.dell.com ↗Patch: www.dell.com ↗

🔴Vulnerability Details

GHSA

GHSA-jv78-qfm7-p5qh: Dell EMC Data Protection Advisor versions 19↗2022-08-31

▶

CVEList

CVE-2022-33935: Dell EMC Data Protection Advisor versions 19↗2022-08-30

▶