CVE-2013-3589
Dell iDRAC6 and iDRAC7 - Cross-Site Scripting via Login Page ErrorMsg Parameter
Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.
References (2)
http://www.kb.cert.org/vuls/id/BLUU-997QVW (US Government Resource; x_refsource_confirm)
http://www.kb.cert.org/vuls/id/920038 (US Government Resource; third-party-advisory; x_refsource_cert-vn)
Scores
EPSS: 0.0104
EPSS Percentile: 77.6%
Details
CWE: CWE-79
Status: published
Products (17)
dell/idrac6_firmware 1.0
dell/idrac6_firmware 1.1
dell/idrac6_firmware 1.2
dell/idrac6_firmware 1.3
dell/idrac6_firmware 1.5
dell/idrac6_firmware 1.6
dell/idrac6_firmware 1.8
dell/idrac6_firmware < 1.95
dell/idrac6_monolithic
dell/idrac7
... and 7 more
Published: Sep 24, 2013
Tracked Since: Feb 18, 2026