Reflected Cross-Site Scripting Vulnerability in Dell EMC Unity Products
CVE-2018-1246

4.7MEDIUM

Key Information:

Vendor: Dell
Status: Dell Emc Unity; Dell Emc Unityvsa
Vendor: CVE Published:; 28 September 2018

What is CVE-2018-1246?

Dell EMC Unity and UnityVSA are susceptible to a reflected cross-site scripting vulnerability. This enables an unprivileged attacker to craft a malicious HTML or JavaScript payload, tricking a victim application user into inputting it into the Unisphere interface. The crafted code is then executed in the victim's web browser, potentially allowing the attacker to intercept sensitive information or conduct other malicious activities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Dell EMC Unity < 4.3.1.1525703027

Dell EMC UnityVSA < 4.3.1.1525703027

References

https://seclists.org/fulldisclosure/2018/Sep/30

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 28, 2018
Vulnerability Reserved
Dec 6, 2017

JSON

Dell