PT-2022-19408 · Dell · Dell Unity+3

Published: 2022-05-26 · Updated: 2022-06-08 · CVE-2022-29091

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Dell Unity versions prior to 5.2.0.0.5.173
Dell UnityVSA versions prior to 5.2.0.0.5.173
Dell UnityXT versions prior to 5.2.0.0.5.173

Description

The issue is a Reflected Cross-Site Scripting Vulnerability in the Unisphere GUI. An unauthenticated remote attacker could exploit this, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser. This may result in information disclosure, session theft, or client-side request forgery.

Recommendations

For Dell Unity versions prior to 5.2.0.0.5.173, update to version 5.2.0.0.5.173 or later.
For Dell UnityVSA versions prior to 5.2.0.0.5.173, update to version 5.2.0.0.5.173 or later.
For Dell UnityXT versions prior to 5.2.0.0.5.173, update to version 5.2.0.0.5.173 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-29091

Affected Products

Dell Unity
Dell UnityVSA
Dell UnityXT
Unisphere GUI