CVE-2021-21543
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
Dell EMC iDRAC9 versiones anteriores a 4.40.00.00, contienen múltiples vulnerabilidades de tipo cross-site scripting almacenado. Un usuario malicioso autenticado remoto con privilegios elevados podría explotar estas vulnerabilidades para almacenar código HTML o JavaScript malicioso por medio de múltiples parámetros afectados. Cuando los usuarios víctimas acceden a los datos enviados por medio de sus navegadores, el navegador web ejecuta el código malicioso en el contexto de la aplicación vulnerable.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-04-30 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.dell.com/support/kbdoc/000185293 | 2021-05-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dell Search vendor "Dell" | Idrac9 Firmware Search vendor "Dell" for product "Idrac9 Firmware" | < 4.40.00.00 Search vendor "Dell" for product "Idrac9 Firmware" and version " < 4.40.00.00" | - |
Affected
|