First published: Fri Sep 28 2018(Updated: )
Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC Unity Operating Environment | <4.3.1.1525703027 | |
Dell Emc Unityvsa Operating Environment | <4.3.1.1525703027 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-1246 is a vulnerability in Dell EMC Unity and UnityVSA that allows remote unauthenticated attackers to conduct cross-site scripting attacks.
CVE-2018-1246 affects Dell EMC Unity and UnityVSA versions up to and including 4.3.1.1525703027.
CVE-2018-1246 has a severity rating of 6.1 (medium).
An attacker can exploit CVE-2018-1246 by tricking a victim application user to supply malicious HTML or JavaScript code to Unisphere, which is then reflected back to the victim.
To mitigate CVE-2018-1246, users should update to a version of Dell EMC Unity and UnityVSA beyond 4.3.1.1525703027.