DSA-2022-138: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for a Cross-Site Scripting Vulnerability
Summary:
Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for a Cross-Site Scripting Vulnerability that may be exploited by malicious users to compromise the affected
system.
...
Please select a product to check article relevancy
This article applies to This article does not apply toThis article is not tied to any specific product.Not all product versions are identified in this article.
Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere UI. An Unauthenticated Remote Attacker may potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2022-29091
Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere UI. An Unauthenticated Remote Attacker may potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.