CVE-2024-28979

Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:openmanage_enterprise:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:07

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000224642/dsa-2024-202-security-update-for-dell-openmanage-enterprise-vulnerability - Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000224642/dsa-2024-202-security-update-for-dell-openmanage-enterprise-vulnerability - Vendor Advisory
CVSS v2 : unknown
v3 : 4.8
v2 : unknown
v3 : 5.1

20 Aug 2024, 17:15

Type Values Removed Values Added
CWE CWE-20
Summary (en) Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection. (en) Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

23 May 2024, 19:05

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.1
v2 : unknown
v3 : 4.8
References () https://www.dell.com/support/kbdoc/en-us/000224642/dsa-2024-202-security-update-for-dell-openmanage-enterprise-vulnerability - () https://www.dell.com/support/kbdoc/en-us/000224642/dsa-2024-202-security-update-for-dell-openmanage-enterprise-vulnerability - Vendor Advisory
CWE CWE-79
CPE cpe:2.3:a:dell:openmanage_enterprise:*:*:*:*:*:*:*:*
First Time Dell
Dell openmanage Enterprise
Summary
  • (es) Dell OpenManage Enterprise, versiones anteriores a la 4.1.0, contiene una vulnerabilidad de inyección XSS en la interfaz de usuario. Un atacante local con privilegios elevados podría explotar esta vulnerabilidad, lo que provocaría una inyección de JavaScript.

01 May 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-01 04:15

Updated : 2024-11-21 09:07


NVD link : CVE-2024-28979

Mitre link : CVE-2024-28979

CVE.ORG link : CVE-2024-28979


JSON object : View

Products Affected

dell

  • openmanage_enterprise
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')