CVE-2013-3589

Dell iDRAC6 Firmware < 1.95 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.

Scores

EPSS 0.0104
EPSS Percentile 77.2%

Details

CWE CWE-79
Status published
Products (18)
dell/idrac6_firmware < 1.95
dell/idrac6_firmware
dell/idrac6_firmware
dell/idrac6_firmware
dell/idrac6_firmware
dell/idrac6_firmware
dell/idrac6_firmware
dell/idrac6_firmware
dell/idrac6_monolithic
dell/idrac7_firmware < 1.40.40
... and 8 more
Published Sep 24, 2013
Tracked Since Feb 18, 2026