DOM-Based Cross-Site Scripting in Dell PowerProtect DD Product
CVE-2023-44286
8.8 HIGH
Summary
The PowerProtect DD product from Dell is vulnerable to a DOM-based Cross-Site Scripting flaw in versions preceding 7.13.0.10. An unauthenticated remote attacker could exploit this vulnerability to inject malicious HTML or JavaScript code into a victim's browser environment. Successful exploitation may lead to serious issues such as session theft, unauthorized disclosure of sensitive information, or client-side request forgery, jeopardizing user security and privacy.
Affected Version(s)
PowerProtect DD Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dell Technologies would like to thank Jakub Brzozowski (redfr0g), Franciszek Kalinowski, and Stanisław Koza from STM Cyber for reporting these issues.