CVE-2012-6272

Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, 7.1.0.1 - Cross-Site Scripting via Topic Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6272. PoCs published by Tenable NS.

AI-analyzed exploit summary: This exploit demonstrates a cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator by injecting arbitrary JavaScript code via an iframe in the URL. The vulnerability arises from insufficient input sanitization in the help system.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tenable NS · text · remote · multiple
https://www.exploit-db.com/exploits/38179

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Dell OpenManage Server Administrator 7.1.0.1 and prior
No auth needed
Prerequisites: Access to the target's OpenManage Server Administrator web interface
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/950172

Scores

EPSS 0.0281
EPSS Percentile 84.7%

Details

CWE: CWE-79
Status published
Products (3)
dell/openmanage_server_administrator 6.5.0.1
dell/openmanage_server_administrator 7.0.0.1
dell/openmanage_server_administrator 7.1.0.1
Published Jan 25, 2013
Tracked Since Feb 18, 2026