CVE-2018-1246

4.7MEDIUM

Key Information:

Vendor
Dell
Vendor
CVE Published:
28 September 2018

Summary

Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.

Affected Version(s)

Dell EMC Unity < 4.3.1.1525703027

Dell EMC UnityVSA < 4.3.1.1525703027

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.