CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35170
https://notcve.org/view.php?id=CVE-2020-35170
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users’ sessions. Dell EMC Unisphere para PowerMax versiones anteriores a 9.1.0.9, Dell EMC Unisphere para PowerMax versiones anteriores a 9.0.2.16 y Dell EMC PowerMax OS versiones 5978.221.221 y 5978.479.479, contienen una vulnerabilidad de tipo Cross-Site Scripting (XSS). Un usuario malicioso autenticado puede potencialmente explotar esta vulnerabilidad para inyectar código javascript y afectar las sesiones de otros usuarios autenticados • https://www.dell.com/support/kbdoc/000181212 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2015-0545
https://notcve.org/view.php?id=CVE-2015-0545
EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. EMC Unisphere for VMAX 8.x anterior a 8.0.3.4 monta el servicio Java Debugging Wire Protocol (JDWP), lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://seclists.org/bugtraq/2015/Jun/129 http://www.securitytracker.com/id/1032732 •