Vulnerability Description
Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Data Protection Advisor | <= 19.6 |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000201824/dsa-2022-107-dell-emc-data-prPatchVendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000201824/dsa-2022-107-dell-emc-data-prPatchVendor Advisory
FAQ
What is CVE-2022-33935?
CVE-2022-33935 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML o...
How severe is CVE-2022-33935?
CVE-2022-33935 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-33935?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Data Protection Advisor.