Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery

Published

2024-06-26T03:15:09.640

Last Modified

2025-02-03T14:59:08.020

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dell	data_domain_operating_system	≤ 7.13	Yes
Hardware	dell	dd3300	-	No
Hardware	dell	dd6400	-	No
Hardware	dell	dd6900	-	No
Hardware	dell	dd9400	-	No
Hardware	dell	dd9410	-	No
Hardware	dell	dd9900	-	No
Hardware	dell	dd9910	-	No
Operating System	dell	data_domain_operating_system	< 5.16.0.0	Yes
Hardware	dell	dm5500	-	No

References

https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)