Medium
Proprietary Code CVE(s) | Description | CVSSBase Score | CVSS Vector String |
CVE-2020-35170 |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.24 contain a Stored Cross-Site Scripting vulnerability. A remote, authenticated attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Proprietary Code CVE(s) | Description | CVSSBase Score | CVSS Vector String |
CVE-2020-35170 |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.24 contain a Stored Cross-Site Scripting vulnerability. A remote, authenticated attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
Unisphere for PowerMax | Versions prior to 9.1.0.24 | 9.1.0.24 EEM: 9.1.0.853 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
Unisphere for PowerMax | Versions prior to 9.2.0.6 | 9.2.0.6 EEM: 9.2.0.1018 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
PowerMax OS | 5978 | 5978 | Request OPT 577141 Request OPT 576388 |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
Unisphere for PowerMax | Versions prior to 9.1.0.24 | 9.1.0.24 EEM: 9.1.0.853 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
Unisphere for PowerMax | Versions prior to 9.2.0.6 | 9.2.0.6 EEM: 9.2.0.1018 |
https://www.dell.com/support/home/en-us/product-support/product/unisphere-powermax/drivers |
PowerMax OS | 5978 | 5978 | Request OPT 577141 Request OPT 576388 |
Any chart or dashboard with stored cross-site scripting needs to be deleted to remove the stored XSS.
Revision | Date | Description |
1.0 | 2020-12-14 | Initial Release |
Dell would like to thank Tomasz Stachowicz and Przemek Nowakowski for reporting this issue.