CVE-2013-3589

Name of the Vulnerable Software and Affected Versions Dell iDRAC6 versions prior to 1.96 Dell iDRAC7 versions prior to 1.46.45

Description A cross-site scripting (XSS) issue exists in the login page of the Administrative Web Interface, allowing remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter. This could potentially lead to unauthorized actions on the affected device.

Recommendations For Dell iDRAC6 versions prior to 1.96, update the firmware to version 1.96 or later. For Dell iDRAC7 versions prior to 1.46.45, update the firmware to version 1.46.45 or later.