HTML Injection and XSS Vulnerabilities in Dell SmartFabric Storage Software
CVE-2023-43071

4.4MEDIUM

Key Information:

Vendor: Dell
Status: Dell Smartfabric Storage Software
Vendor: CVE Published:; 5 October 2023

Summary

Dell SmartFabric Storage Software versions prior to v1.4 are susceptible to vulnerabilities that allow for HTML injection and formula injection through CSV files. This could lead to potential cross-site scripting (XSS) attacks via the software's graphical user interface (GUI). A remote authenticated attacker may leverage these vulnerabilities to execute various forms of injection attacks, impacting the security and privacy of the affected systems.

Affected Version(s)

Dell SmartFabric Storage Software v1.4.0 and prior

References

https://www.dell.com/support/kbdoc/en-us/000218107/dsa-20...

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Sep 15, 2023