CVE-2024-0169

Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product's feature to compromise their systems.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*

History

15 Feb 2024, 06:24

Type Values Removed Values Added
CPE cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*
References () https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities - Vendor Advisory
Summary
  • (es) Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de Cross-Site Scripting (XSS). Un atacante autenticado podría explotar esta vulnerabilidad, lo que llevaría a los usuarios a descargar y ejecutar software malicioso creado por la característica de este producto para comprometer sus sistemas.
CVSS v2 : unknown
v3 : 5.7
v2 : unknown
v3 : 5.4
CWE CWE-79
First Time Dell unity Operating Environment
Dell

12 Feb 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-12 19:15

Updated : 2024-02-15 06:24


NVD link : CVE-2024-0169

Mitre link : CVE-2024-0169

CVE.ORG link : CVE-2024-0169


JSON object : View

Products Affected

dell

  • unity_operating_environment
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-20

Improper Input Validation