CVE-2024-28973: XSS
First published: Wed Jun 26 2024(Updated: )
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell PowerProtect | <8.0 | |
| All of | ||
| EMC Data Domain Operating System | >=7.0<=7.13 | |
| Any of | ||
| Dell DD3300 | ||
| Dell DD6400 | ||
| Dell DD6900 | ||
| Dell DD9400 | ||
| Dell DD9410 | ||
| Dell Dd9900 | ||
| Dell Dd9910 | ||
| All of | ||
| EMC Data Domain Operating System | <5.16.0.0 | |
| Dell Dm5500 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-28973?
CVE-2024-28973 has a high severity rating due to its potential for exploitation by a high privileged attacker.
How do I fix CVE-2024-28973?
To fix CVE-2024-28973, update to Dell PowerProtect DD version 8.0 or later, or to the appropriate LTS versions specified by Dell.
Which versions of Dell PowerProtect DD are affected by CVE-2024-28973?
CVE-2024-28973 affects Dell PowerProtect DD versions prior to 8.0 and specific LTS versions below the listed upgrades.
What type of vulnerability is CVE-2024-28973?
CVE-2024-28973 is classified as a Stored Cross-Site Scripting (XSS) vulnerability.
Can CVE-2024-28973 be exploited remotely?
Yes, CVE-2024-28973 can be exploited remotely by a high privileged attacker.
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/severity
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/dell
- canonical/dell powerprotect
- canonical/emc data domain operating system
- version/emc data domain operating system/7.0
- version/emc data domain operating system/7.13
- canonical/dell dd3300
- canonical/dell dd6400
- canonical/dell dd6900
- canonical/dell dd9400
- canonical/dell dd9410
- canonical/dell dd9900
- canonical/dell dd9910
- canonical/dell dm5500 firmware