CVE-2019-18588

EPSS 0.53%
Published 10.01.2020 19:15:11
Last modified 21.11.2024 04:33:20
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Emc Powermax Version5978.221.221

Dell ≫ Emc Powermax Version5978.479.479

Dell ≫ Emc Unisphere For Powermax Version < 9.0.2.16

Dell ≫ Emc Unisphere For Powermax Version >= 9.1.0.0 < 9.1.0.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.53%	0.657

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
security_alert@emc.com	9	2.3	6	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-18588

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18588

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18588

EUVD