CVE-2021-21541

Name of the Vulnerable Software and Affected Versions Dell EMC iDRAC9 versions prior to 4.40.00.00

Description The issue allows a remote unauthenticated attacker to potentially exploit a DOM-based cross-site scripting vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the DOM environment in the browser. This malicious code is then executed by the web browser in the context of the vulnerable web application.

Recommendations For versions prior to 4.40.00.00, update to version 4.40.00.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the web application to minimize the risk of exploitation.