CVE-2022-33935

2022-08-3021:15:08

CWE-79

[email protected]

web.nvd.nist.gov

dell emc

data protection advisor

stored cross site scripting

vulnerability

information disclosure

session theft

client-side request forgery

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Affected configurations

Nvd

Node

dellemc_data_protection_advisorRange≤19.6

VendorProductVersionCPE
dellemc_data_protection_advisor*cpe:2.3:a:dell:emc_data_protection_advisor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_data_protection_advisor	*	cpe:2.3:a:dell:emc_data_protection_advisor::::::::

References

www.dell.com/support/kbdoc/en-us/000201824/dsa-2022-107-dell-emc-data-protection-advisor-dpa-security-update-for-stored-cross-site-scripting-vulnerability