CVE-2024-22230 MEDIUM

CVE-2024-22230

Vendor Dell

Product Unity

Weakness CWE-79 · XSS

Published February 12, 2024

Last update August 19, 2024

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim's browser.

Key dates

02Disclosure timeline

February 12, 2024 CVE published

August 19, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-22230 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-37565 WordPress Gum Elementor Addon plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability CVE-2021-24895 Cybersoldier < 1.7.0 - Admin+ Stored Cross-Site Scripting CVE-2025-13892 MG AdvancedOptions <= 1.2 - Reflected Cross-Site Scripting CVE-2024-4623 Blogmentor – Blog Layouts for Elementor <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagination_style Parameter CVE-2026-54198 WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability