Reflected Cross-Site Scripting Vulnerability in Dell DM5500
CVE-2023-44301

5.4MEDIUM

Key Information:

Vendor: Dell
Status: Dell PowerProtect Data Manager DM5500 Appliance
Vendor: CVE Published:; 4 December 2023

Summary

The Dell DM5500 appliance versions 5.14.0.0 and prior are susceptible to a reflected cross-site scripting vulnerability. This issue allows an attacker with minimal privileges to inject and execute malicious scripts within a user's web browser, exploiting the vulnerable web application. Potential consequences of this vulnerability include unauthorized information access, session hijacking, and client-side request forgery, which can compromise the integrity and security of user interactions with the application.

Affected Version(s)

Dell PowerProtect Data Manager DM5500 Appliance DM5500 5.14 and below

References

https://www.dell.com/support/kbdoc/en-us/000220107/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 4, 2023
Vulnerability Reserved
Sep 28, 2023