CVE-2024-28973Cross-site Scripting in Dell Powerprotect DD

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
CNA5.9
EPSS
0.3%
top 43.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerprotect DDDell Data Domain Operating System
Timeline
PublishedJun 26

Description

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web applicatio

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

CVEListV5dell/powerprotect_ddN/A2.7.7+2

🔴Vulnerability Details

2
CVEList
CVE-2024-28973: Dell PowerProtect DD, versions prior to 82024-06-26
GHSA
GHSA-rjv4-w97f-h7vm: Dell PowerProtect DD, versions prior to 82024-06-26
CVE-2024-28973 — Cross-site Scripting in Dell | cvebase