Stored Cross-Site Scripting Vulnerability in Dell PowerStore
CVE-2022-26866

5.5MEDIUM

Key Information:

Vendor: Dell
Status: Powerstore
Vendor: CVE Published:; 2 June 2022

What is CVE-2022-26866?

Dell PowerStore prior to version 2.1.1.0 is susceptible to a Stored Cross-Site Scripting vulnerability. This allows a network attacker with high privileges to inject malicious HTML or JavaScript code into a trusted application data store. When users access this compromised data, the scripts execute within their web browsers, potentially leading to serious consequences such as information disclosure, session theft, or client-side request forgery. It is crucial for users to apply the latest updates to mitigate exploitation risks.

Affected Version(s)

PowerStore < unspecified

References

https://www.dell.com/support/kbdoc/000196367

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2022
Vulnerability Reserved
Mar 10, 2022