CVE-2021-21543

CVSS 4.8 MEDIUMEPSS 0.6%CWE-79

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.8EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

30 Apr 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Affected products

Dell · Integrated Dell Remote Access Controller (iDRAC)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.dell.com/support/kbdoc/000185293