Cross-Site Scripting Vulnerability in Dell Unity by Dell
CVE-2025-36605

6.1MEDIUM

Key Information:

Vendor: Dell
Status: Unity
Vendor: CVE Published:; 4 August 2025

What is CVE-2025-36605?

Dell Unity versions up to 5.5 are susceptible to a cross-site scripting vulnerability due to improper neutralization of input during web page generation. This flaw could allow an unauthenticated remote attacker to execute arbitrary HTML or JavaScript code within the web application context of a victim's browser. Exploiting this vulnerability might lead to serious outcomes, including information disclosure, session hijacking, or client-side request forgery. Users of affected versions should take immediate action to secure their systems and apply relevant patches.

Affected Version(s)

Unity < 5.5.1

References

https://www.dell.com/support/kbdoc/en-si/000350756/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Dell would like to thank Sina Kheirkhah of watchTowr for reporting this issue.