← back
CVE-2019-18588

CVE-2019-18588

CVSS 9 CRITICALEPSS 0.7%CWE-79
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Jan 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products
Dell · Unisphere for PowerMax

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site