CVE-2021-21541
 
Descriptions
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-01-04 CVE Reserved
- 2021-04-30 CVE Published
- 2024-04-17 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://www.dell.com/support/kbdoc/000185293 | 2021-05-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dell | Idrac9 Firmware | < 4.40.00.00 | - | Affected |