Vulnerability Note VU#950172
Dell OpenManage Server Administrator version 7.1.0.1 DOM-based XSS vulnerability
Overview
Dell OpenManage Server Administrator version 7.1.0.1 and earlier contains a DOM-based cross-site scripting vulnerability.
Description
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Dell OpenManage Server Administrator version 7.1.01 and earlier contains a DOM-based cross-site scripting vulnerability. |
Impact
A remote attacker may be able to execute arbitrary script in the context of the end-user's browser session. |
Solution
We are currently unaware of a practical solution to this problem. |
Restrict Access |
Vendor Information (Learn More)
The vulnerability reporter has confirmed that Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1 and 7.1.0.1 are affected by this vulnerability. |
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Dell Computer Corporation, Inc. | Affected | 20 Nov 2012 | 04 Jan 2013 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 5.0 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| Temporal | 3.6 | E:U/RL:W/RC:UC |
| Environmental | 1.4 | CDP:LM/TD:L/CR:ND/IR:ND/AR:ND |
References
Credit
Thanks to Tenable Network Security for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
- CVE IDs: CVE-2012-6272
- Date Public: 09 Jan 2013
- Date First Published: 09 Jan 2013
- Date Last Updated: 09 Jan 2013
- Document Revision: 5
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.