CVE-2021-21543 MEDIUM

Vendor: Dell
Product: Integrated Dell Remote Access Controller (iDRAC)
Weakness: CWE-79 (XSS)
Published: April 30, 2021
Last update: September 16, 2024

CVSS base score

4.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

Key dates

02 Disclosure timeline

April 30, 2021: CVE published
September 16, 2024: Record updated