CVE-2022-33935: DSA-2022-107: Dell Data Protection Advisor Security Update for Stored Cross Site Scripting Vulnerability

Vaikutus

Medium

Tiedot

Proprietary Code CVE

Description

CVSS Base Score

CVSS Vector String

CVE-2022-33935

Dell Data Protection Advisor versions 19.6 and earlier contains a Stored Cross Site Scripting vulnerability. An attacker may potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets run by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Proprietary Code CVE

Description

CVSS Base Score

CVSS Vector String

CVE-2022-33935

Dell Data Protection Advisor versions 19.6 and earlier contains a Stored Cross Site Scripting vulnerability. An attacker may potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets run by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen****Versiohistoria

Revision

Date

Description

1.0

2022-07-25

Initial Release

Asiaan liittyvät tiedot

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

25 heinäk. 2022