CVE-2023-44286
published 2023-12-14CVE-2023-44286: Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote…
PriorityP427medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.76%
50.5th percentile
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | apex_protection_storage | < 6.2.1.110 | 6.2.1.110 |
| dell | apex_protection_storage | >= 7.0 < 7.10.1.15 | 7.10.1.15 |
| dell | emc_data_domain_os | < 6.2.1.110 | 6.2.1.110 |
| dell | emc_data_domain_os | >= 7.0 < 7.12.0.0 | 7.12.0.0 |
| dell | emc_data_domain_os | >= 7.10 < 7.10.1.15 | 7.10.1.15 |
| dell | emc_data_domain_os | >= 7.7 < 7.7.5.25 | 7.7.5.25 |
| dell | powerprotect_data_domain | < 6.2.1.110 | 6.2.1.110 |
| dell | powerprotect_data_domain | >= 7.0 < 7.12.0.0 | 7.12.0.0 |
| dell | powerprotect_data_domain_management_center | < 6.2.1.110 | 6.2.1.110 |
| dell | powerprotect_data_domain_management_center | >= 7.0 < 7.13.0.10 | 7.13.0.10 |
| dell | powerprotect_data_domain_management_center | >= 7.10 < 7.10.1.15 | 7.10.1.15 |
| dell | powerprotect_data_domain_management_center | >= 7.7 < 7.7.5.25 | 7.7.5.25 |
| dell | powerprotect_data_protection | < 2.7.6 | 2.7.6 |
| dell | powerprotect_dd | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-12-14
Published