XSS in Dell PowerProtect Data Domain OS v7.7-8.5, 8.3.1-20, 7.13.1-50: CVE-2026-28263 April 2026

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a cross-site Scripting vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Vulnerability Analysis

CVE-2026-28263 can be exploited with network access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

LOW

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2026-28263 has been classified to as a XSS vulnerability or weakness.

XSS in Dell PowerProtect Data Domain OS v7.7-8.5, 8.3.1-20, 7.13.1-50
CVE-2026-28263 Published on April 17, 2026

Vulnerability Analysis

Weakness Type

What is a XSS Vulnerability?

Affected Versions

XSS in Dell PowerProtect Data Domain OS v7.7-8.5, 8.3.1-20, 7.13.1-50CVE-2026-28263 Published on April 17, 2026

Vulnerability Analysis

Weakness Type

What is a XSS Vulnerability?

Affected Versions

XSS in Dell PowerProtect Data Domain OS v7.7-8.5, 8.3.1-20, 7.13.1-50
CVE-2026-28263 Published on April 17, 2026