CVE-2021-21543
MEDIUMDell EMC iDRAC9 < 4.40.00.00 - Authenticated Stored Cross-Site Scripting via Multiple Parameters
Title source: llmDescription
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/000185293
Scores
CVSS v3
4.8
EPSS
0.0040
EPSS Percentile
60.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
dell/idrac9_firmware
< 4.40.00.00
Published
Apr 30, 2021
Tracked Since
Feb 18, 2026