Dell SCG Policy Manager: Stored XSS can lead to code exec
CVE-2024-24905 Published on March 1, 2024
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains a Stored Cross-Site Scripting vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
Vulnerability Analysis
Weakness Type
What is an XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2024-24905 has been classified as an XSS vulnerability or weakness.
Products Associated with CVE-2024-24905
This CVE is associated with Dell Secure Connect Gateway and Dell Policy Manager Secure Connect Gateway.
Affected Versions
Dell Secure Connect Gateway (SCG) Policy Manager:
- Before 5.22.00.16 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.