CVE-2024-0169 MEDIUM

CVE-2024-0169

Vendor Dell

Product Unity

Weakness CWE-79 · XSS

Published February 12, 2024

Last update April 24, 2025

View on NVD All CVEs

CVSS base score

5.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Key dates

02Disclosure timeline

February 12, 2024 CVE published

April 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-0169 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-47662 WordPress Live Gold Price & Silver Price Charts Widgets Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS) CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS) CVE-2026-22519 WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability CVE-2025-12518 Stored XSS in beefree.io CVE-2025-12670 wp-twitpic <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting