CVE-2019-3754 vulnerability in Dell Products
Published on September 3, 2019
Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2019-3754 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2019-3754
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-3754 are published in these products:
Affected Versions
DELL EMC Unity Operating Environment:- Version unspecified and below 5.0.0.0.5.116 is affected.
- Version unspecified and below 5.0.0.0.5.116 is affected.
- Version unspecified and below 3.1.10.9946299 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.