CVE-2022-33935

{"id": "CVE-2022-33935", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-08-30T21:15:08.707", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000201824/dsa-2022-107-dell-emc-data-protection-advisor-dpa-security-update-for-stored-cross-site-scripting-vulnerability", "tags": ["Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery."}, {"lang": "es", "value": "Dell EMC Data Protection Advisor versiones 19.6 y anteriores, contienen una vulnerabilidad de tipo Cross Site Scripting Almacenado, un atacante podr\u00eda explotar esta vulnerabilidad, conllevando a un almacenamiento de c\u00f3digos HTML o JavaScript maliciosos en un almac\u00e9n de datos de aplicaciones confiables. Cuando un usuario v\u00edctima accede al almac\u00e9n de datos mediante su navegador, el c\u00f3digo malicioso es ejecutado por el navegador web en el contexto de la aplicaci\u00f3n web vulnerable. La explotaci\u00f3n puede conllevar a una divulgaci\u00f3n de informaci\u00f3n, robo de sesiones o ataques de tipo client-side request forgery"}], "lastModified": "2022-09-07T19:55:01.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_data_protection_advisor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "042BC8B1-BAE4-4D1B-AC7F-A5D607ABA79B", "versionEndIncluding": "19.6"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}