CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1246 – Dell EMC Unity Authorization Bypass / XSS / URL Redirection
https://notcve.org/view.php?id=CVE-2018-1246
19 Sep 2018 — Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser. Dell EMC Unity y UnityVSA contiene una vulnerabilidad de Cross-Site Scripting (XSS) reflejado. Un atacante remoto no autenticado podría explotar esta vulnerabilidad engañando a ... • https://seclists.org/fulldisclosure/2018/Sep/30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0CVE-2018-1239 – Dell EMC Unity Family OS Command Injection
https://notcve.org/view.php?id=CVE-2018-1239
04 May 2018 — Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. Dell EMC Unity Operating Environment (OE) en versiones anteriores a la 4.3.0.1522077968 se ve afectado por múltiples vulnerabilidades de inyección de comandos de sistema operativo. Un usuario de ad... • http://seclists.org/fulldisclosure/2018/May/15 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •