Dell EMC Integrated Data Protection Appliance versions before 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dell emc_integrated_data_protection_appliance_firmware 2.1 |
||
dell emc_integrated_data_protection_appliance_firmware 2.2 |
||
dell emc_integrated_data_protection_appliance_firmware 2.0 |