Improper Encoding Flaw in Dell PowerProtect Data Manager
CVE-2025-23377
3.4LOW
What is CVE-2025-23377?
Dell PowerProtect Data Manager versions 19.17 and 19.18 are susceptible to a vulnerability that arises from improper encoding or escaping of output. This security flaw could allow a high-privileged attacker with local access to exploit the vulnerability, thereby injecting arbitrary web scripts or HTML into reporting outputs. Such an exploit may lead to unauthorized access or manipulation of sensitive information presented in the reports.
Affected Version(s)
PowerProtect Data Manager 19.15.0 <= 19.18.0-23