Stored Cross-Site Scripting Vulnerabilities in Dell EMC iDRAC9
CVE-2021-21543
4.8 MEDIUM
Key Information:
- Vendor: Dell
- CVE Published: 30 April 2021
Summary
Dell EMC iDRAC9 versions prior to 4.40.00.00 are exposed to multiple stored cross-site scripting vulnerabilities. These vulnerabilities allow a remote authenticated user with high privileges to inject malicious HTML or JavaScript code through various affected parameters. When other users access the compromised data, their web browsers execute the harmful code in the context of the vulnerable application, potentially leading to data theft or unexpected behavior.
Affected Version(s)
Integrated Dell Remote Access Controller (iDRAC) < 4.40.00.00
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved