CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1246
https://notcve.org/view.php?id=CVE-2018-1246
Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser. Dell EMC Unity y UnityVSA contiene una vulnerabilidad de Cross-Site Scripting (XSS) reflejado. Un atacante remoto no autenticado podría explotar esta vulnerabilidad engañando a un usuario de una aplicación víctima para que proporcione código HTML o JavaScript malicioso a Unisphere, que se devuelve a la víctima y es ejecutado por el navegador web. • https://seclists.org/fulldisclosure/2018/Sep/30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1239
https://notcve.org/view.php?id=CVE-2018-1239
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. Dell EMC Unity Operating Environment (OE) en versiones anteriores a la 4.3.0.1522077968 se ve afectado por múltiples vulnerabilidades de inyección de comandos de sistema operativo. Un usuario de administración de la aplicación remoto podría explotar las vulnerabilidades para ejecutar comandos arbitrarios del sistema operativo como root del sistema en el sistema en el que esté instalado Dell EMC Unity. • http://seclists.org/fulldisclosure/2018/May/15 http://www.securityfocus.com/bid/104092 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •