Vulnerability Note VU#950172
Dell OpenManage Server Administrator version 22.214.171.124 DOM-based XSS vulnerability
Dell OpenManage Server Administrator version 126.96.36.199 and earlier contains a DOM-based cross-site scripting vulnerability.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Dell OpenManage Server Administrator version 7.1.01 and earlier contains a DOM-based cross-site scripting vulnerability.
A remote attacker may be able to execute arbitrary script in the context of the end-user's browser session.
We are currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
The vulnerability reporter has confirmed that Dell OpenManage Server Administrator 188.8.131.52, 184.108.40.206 and 220.127.116.11 are affected by this vulnerability.
|Vendor||Status||Date Notified||Date Updated|
|Dell Computer Corporation, Inc.||Affected||20 Nov 2012||04 Jan 2013|
CVSS Metrics (Learn More)
Thanks to Tenable Network Security for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-6272
- Date Public: 09 Jan 2013
- Date First Published: 09 Jan 2013
- Date Last Updated: 09 Jan 2013
- Document Revision: 5
If you have feedback, comments, or additional information about this vulnerability, please send us email.