CVE-2021-21541

MEDIUM

Dell EMC iDRAC9 < 4.40.00.00 - DOM-based Cross-Site Scripting

Title source: llm
STIX 2.1

Description

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/000185293

Scores

CVSS v3 6.1
EPSS 0.0103
EPSS Percentile 77.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
dell/idrac9_firmware < 4.40.00.00
Published Apr 30, 2021
Tracked Since Feb 18, 2026