N/A

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Dell EMC iDRAC9 跨站脚本漏洞

DELL Dell EMC iDRAC9是美国戴尔（DELL）公司的一套包含硬件和软件的系统管理解决方案。该方案为Dell PowerEdge系统提供远程管理、崩溃系统恢复和电源控制等功能。 Dell EMC iDRAC9 4.40.00.00 之前版本存在跨站脚本漏洞，远程未经身份验证的攻击者可利用该漏洞欺骗受害应用程序用户向浏览器中的DOM环境提供恶意的HTML或JavaScript代码。然后，恶意代码被web浏览器在脆弱的web应用程序的上下文中执行。

N/A

N/A