exploitDog

CVE-2021-21576

Опубликовано: 03 авг. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

Ссылки

https://www.dell.com/support/kbdoc/000189193
Vendor Advisory
https://www.dell.com/support/kbdoc/000189193
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:dell:emc_idrac9_firmware:*:*:*:*:*:*:*:*

Версия до 4.40.40.00 (исключая)

EPSS

Процентиль: 56%

0.00331

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-4gg2-gx5w-mvfg

github

больше 3 лет назад

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

EPSS

Процентиль: 56%

0.00331

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79