Dell Unity CPE XSS in UI before 5.4
CVE-2024-22230 Published on February 12, 2024

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim's browser.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-22230 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2024-22230 has been classified to as a XSS vulnerability or weakness.


Products Associated with CVE-2024-22230

stack.watch emails you whenever new vulnerabilities are published in Dell Unity Operating Environment or Dell Unity. Just hit a watch button to start following.

Dell Unity Operating Environment
 
Dell Unity
 

Affected Versions

Dell Unity:

Exploit Probability

EPSS
0.44%
Percentile
62.84%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.