Vulnerability Description
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Data Domain Operating System | >= 7.0, <= 7.13 |
| Dell | Dd3300 | - |
| Dell | Dd6400 | - |
| Dell | Dd6900 | - |
| Dell | Dd9400 | - |
| Dell | Dd9410 | - |
| Dell | Dd9900 | - |
| Dell | Dd9910 | - |
| Dell | Dm5500 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologieVendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologieVendor Advisory
FAQ
What is CVE-2024-28973?
CVE-2024-28973 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit ...
How severe is CVE-2024-28973?
CVE-2024-28973 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-28973?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Data Domain Operating System, Dell Dd3300, Dell Dd6400, Dell Dd6900, Dell Dd9400.