CVE-2020-35170

6.3MEDIUM

Key Information:

Vendor: Dell
Status: Unisphere For Powermax
Vendor: CVE Published:; 5 January 2021

Summary

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users’ sessions.

Affected Version(s)

Unisphere for PowerMax < 9.1.0.24

References

https://www.dell.com/support/kbdoc/000181212

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2021
Vulnerability Reserved
Dec 11, 2020