CVE-2021-21541 MEDIUM

Vendor: Dell
Product: Integrated Dell Remote Access Controller (iDRAC)
Weakness: CWE-79 · XSS
Published: April 30, 2021
Last update: September 16, 2024

CVSS base score

6.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.

Key dates

02 Disclosure timeline

April 30, 2021: CVE published
September 16, 2024: Record updated

Related vulnerabilities

04 Related CVE