CVE-2019-18578

CRITICAL

Dell XtremIO Management Server < 6.3.0 - Stored Cross-Site Scripting

Title source: llm

Description

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities

Scores

CVSS v3 9.0

EPSS 0.0056

EPSS Percentile 68.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-79

Status published

Products (1)

dell/xtremio_management_server < 6.3.0

Published Mar 13, 2020

Tracked Since Feb 18, 2026