CVE-2024-28979 MEDIUM

CVE-2024-28979

Vendor Dell
Product Dell OpenManage Enterprise
Weakness CWE-79 · XSS
Published May 1, 2024
Last update August 20, 2024

CVSS base score

5.1/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Key dates

02Disclosure timeline

May 1, 2024 CVE published
August 20, 2024 Record updated