Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
27 Dec 2023, 19:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
Summary |
|
|
CPE | cpe:2.3:a:dell:apex_protection_storage:*:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2023:*:*:* cpe:2.3:h:dell:dp4400:-:*:*:*:*:*:*:* cpe:2.3:h:dell:dp5900:-:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2022:*:*:* cpe:2.3:a:dell:powerprotect_data_domain_management_center:*:*:*:*:*:*:*:* cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:* cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:* cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:virtual:*:*:* cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:* cpe:2.3:a:dell:powerprotect_data_protection:*:*:*:*:*:*:*:* cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2023:*:*:* cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:* cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2022:*:*:* cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:* |
|
First Time |
Dell dd9900
Dell dp5900 Dell dd3300 Dell powerprotect Data Domain Management Center Dell apex Protection Storage Dell dd6900 Dell dd6400 Dell powerprotect Data Domain Dell emc Data Domain Os Dell dp4400 Dell dd9400 Dell powerprotect Data Protection Dell |
14 Dec 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-14 16:15
Updated : 2023-12-27 19:30
NVD link : CVE-2023-44286
Mitre link : CVE-2023-44286
CVE.ORG link : CVE-2023-44286
JSON object : View
Products Affected
dell
- powerprotect_data_domain
- dd9900
- powerprotect_data_domain_management_center
- emc_data_domain_os
- dd3300
- powerprotect_data_protection
- dd6400
- dd6900
- apex_protection_storage
- dp4400
- dd9400
- dp5900
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')