Vulnerability Note VU#950172
Dell OpenManage Server Administrator version 7.1.0.1 DOM-based XSS vulnerability
Overview
Dell OpenManage Server Administrator version 7.1.0.1 and earlier contains a DOM-based cross-site scripting vulnerability.
Description
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
Dell OpenManage Server Administrator version 7.1.0.1 and earlier contains a DOM-based cross-site scripting vulnerability.
Impact
A remote attacker may be able to execute arbitrary script in the context of the end-user’s browser session.
Solution
We are currently unaware of a practical solution to this problem.
Restrict Access
The Dell OpenManage Server Administrator interface should not be Internet facing.
Vendor Information
The vulnerability reporter has confirmed that Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1 and 7.1.0.1 are affected by this vulnerability.
Vendor: Dell Computer Corporation, Inc.
Status: Affected
Date Notified: 20 Nov 2012
Date Updated: 04 Jan 2013
If you are a vendor and your product is affected, let us know.
CVSS Metrics
Group          Score  Vector
Base           5.0    AV:N/AC:L/Au:N/C:N/I:P/A:N
Temporal       3.6    E:U/RL:W/RC:UC
Environmental  1.4    CDP:LM/TD:L/CR:ND/IR:ND/AR:ND
References
http://cwe.mitre.org/data/definitions/79.html
Credit
Thanks to Tenable Network Security for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
CVE IDs: CVE-2012-6272
Date Public: 09 Jan 2013
Date First Published: 09 Jan 2013
Date Last Updated: 09 Jan 2013
Document Revision: 5
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.