Stored Cross-Site Scripting Vulnerability in Dell EMC iDRAC9
CVE-2021-21542
4.8 MEDIUM
Key Information:
- Vendor: Dell
- CVE Published: 30 April 2021
Summary
Dell EMC iDRAC9 software prior to version 4.40.10.00 is affected by several stored cross-site scripting vulnerabilities. These issues allow a remote authenticated attacker with elevated privileges to inject malicious HTML or JavaScript code into the application. The injected code can then be executed in the browser context whenever victim users access the data. This vulnerability poses a significant risk as it could lead to the execution of unauthorized actions or theft of sensitive information from users' sessions.
Affected Version(s)
Integrated Dell Remote Access Controller (iDRAC) < 4.40.10.00
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved