CVE-2024-28979
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection.
Dell OpenManage Enterprise, versiones anteriores a la 4.1.0, contiene una vulnerabilidad de inyección XSS en la interfaz de usuario. Un atacante local con privilegios elevados podría explotar esta vulnerabilidad, lo que provocaría una inyección de JavaScript.
Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-13 CVE Reserved
- 2024-05-01 CVE Published
- 2024-05-24 EPSS Updated
- 2024-08-20 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Openmanage Enterprise Search vendor "Dell" for product "Openmanage Enterprise" | < 4.1.0 Search vendor "Dell" for product "Openmanage Enterprise" and version " < 4.1.0" | - |
Affected
| ||||||