Vulnerability CVE-2018-1246


Published: 2018-09-28

Description:
Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: DELL
Product: Emc unityvsa operating environment 
Version:
4.2.3.9670635
4.2.2.9632250
4.2.1.9535982
4.2.0.9476662
4.2.0.9392909
4.1.2.9257522
4.1.1.9138882
4.1.0.9058043
4.1.0.8959731
4.1.0.8940590
4.0.2.8627717
4.0.1.8404134
4.0.1.8320161
4.0.1.8194551
4.0.0.7329527
Product: Emc unity operating environment 
Version:
4.2.3.9670635
4.2.2.9632250
4.2.1.9535982
4.2.0.9476662
4.2.0.9392909
4.1.2.9257522
4.1.1.9138882
4.1.0.9058043
4.1.0.8959731
4.1.0.8940590
4.0.2.8627717
4.0.1.8404134
4.0.1.8320161
4.0.1.8194551
4.0.0.7329527

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://seclists.org/fulldisclosure/2018/Sep/30

Related CVE
CVE-2019-3723
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to creat...
CVE-2019-3722
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitr...
CVE-2019-3706
Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by...
CVE-2019-3705
Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker...
CVE-2019-3719
Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim us...
CVE-2019-3718
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.
CVE-2019-3709
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the ...
CVE-2019-3708
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the contex...

Copyright 2019, cxsecurity.com

 

Back to Top