Stored Cross-site Scripting in PowerPath Management Appliance by Dell
CVE-2022-34451

4.8MEDIUM

Key Information:

Vendor: Dell
Status: Powerpath Management Appliance
Vendor: CVE Published:; 11 February 2023

What is CVE-2022-34451?

The PowerPath Management Appliance from Dell is susceptible to a stored cross-site scripting vulnerability. This issue allows an authenticated admin user to exploit the system, potentially leading to user session hijacking or tricking legitimate users into sending arbitrary requests to the server. It is crucial for administrators to apply the necessary patches or mitigations to protect against potential exploits.

Affected Version(s)

PowerPath Management Appliance 3.3, 3.2*, 3.1, 3.0*

References

https://www.dell.com/support/kbdoc/000205404

vendor-advisory

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2023
Vulnerability Reserved
Jun 23, 2022