CVE-2024-0169 — Cross-site Scripting in Dell Unity

CWE-79 — Cross-site Scripting CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.4MEDIUMNVD

CNA5.7

EPSS

0.4%

top 39.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Dell Unity Operating Environment

Timeline

PublishedFeb 12

Description

Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5dell/unity< 5.4

▶NVDdell/unity_operating_environment< 5.4.0.0.5.094

🔴Vulnerability Details

GHSA

GHSA-gmxc-263m-5hqx: Dell Unity, versions prior to 5↗2024-02-12

▶

CVEList

CVE-2024-0169: Dell Unity, version(s) 5↗2024-02-12

▶