HTML and JavaScript Injection Vulnerability in Dell EMC CloudLink Products
CVE-2021-36332

5.4MEDIUM

Key Information:

Vendor: Dell
Status: ClouD-Link
Vendor: CVE Published:; 23 November 2021

What is CVE-2021-36332?

Dell EMC CloudLink versions 7.1 and earlier have a vulnerability that allows remote attackers with low privileges to inject malicious HTML and JavaScript code. This can lead to redirecting end users to arbitrary and potentially harmful websites, posing a significant risk to user data and security. Users of affected versions should implement necessary precautions and consider upgrading to mitigate exposure to this vulnerability.

Affected Version(s)

CloudLink < 7.1.1

References

https://www.dell.com/support/kbdoc/en-us/000193031/https-...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2021
Vulnerability Reserved
Jul 8, 2021