Reflected Cross-Site Scripting Vulnerability in Dell EMC Unity Products
CVE-2018-1246

4.7MEDIUM

Key Information:

Vendor: Dell
Status: Dell Emc Unity; Dell Emc Unityvsa
Vendor: CVE Published:; 28 September 2018

What is CVE-2018-1246?

Dell EMC Unity and UnityVSA are susceptible to a reflected cross-site scripting vulnerability. This enables an unprivileged attacker to craft a malicious HTML or JavaScript payload, tricking a victim application user into inputting it into the Unisphere interface. The crafted code is then executed in the victim's web browser, potentially allowing the attacker to intercept sensitive information or conduct other malicious activities.

Affected Version(s)

Dell EMC Unity < 4.3.1.1525703027

Dell EMC UnityVSA < 4.3.1.1525703027

References

https://seclists.org/fulldisclosure/2018/Sep/30

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 28, 2018
Vulnerability Reserved
Dec 6, 2017