DOM-Based Cross-Site Scripting Vulnerability in Dell EMC iDRAC9
CVE-2021-21541

6.1MEDIUM

Key Information:

Vendor: Dell
Status: Integrated Dell Remote Access Controller (idrac)
Vendor: CVE Published:; 30 April 2021

Summary

The vulnerability in Dell EMC iDRAC9 arises from the platform's inadequate handling of user-input data. An attacker can exploit this flaw by convincing a user to execute malicious HTML or JavaScript code in their web browser, targeting the iDRAC9 interface. This poses significant risks as it allows for unauthorized actions to be performed in the context of the vulnerable application, potentially compromising sensitive data or user interactions.

Affected Version(s)

Integrated Dell Remote Access Controller (iDRAC) < 4.40.00.00

References

https://www.dell.com/support/kbdoc/000185293

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 30, 2021
Vulnerability Reserved
Jan 4, 2021