ID

VAR-202206-0293


CVE

CVE-2022-26866


TITLE

Dell's powerstoreos Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010906

DESCRIPTION

Dell PowerStore versions before v2.1.1.0 contain a stored cross-site scripting vulnerability. A high-privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code is executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads.

Trust: 2.34

sources: NVD: CVE-2022-26866 // JVNDB: JVNDB-2022-010906 // CNVD: CNVD-2022-83207 // VULHUB: VHN-417521 // VULMON: CVE-2022-26866

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-83207

AFFECTED PRODUCTS

vendor: dell
model: powerstoreos
scope: lt
version: 2.1.1.0

Trust: 1.0

vendor: デル
model: powerstoreos
scope: eq
version: -

Trust: 0.8

vendor: デル
model: powerstoreos
scope: -
version: -

Trust: 0.8

vendor: デル
model: powerstoreos
scope: eq
version: 2.1.1.0

Trust: 0.8

vendor: dell
model: powerstore
scope: lt
version: 2.1.1.0

Trust: 0.6

sources: CNVD: CNVD-2022-83207 // JVNDB: JVNDB-2022-010906 // NVD: CVE-2022-26866

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26866
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2022-26866
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-26866
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-83207
value: LOW

Trust: 0.6

CNNVD: CNNVD-202206-415
value: MEDIUM

Trust: 0.6

VULHUB: VHN-417521
value: LOW

Trust: 0.1

VULMON: CVE-2022-26866
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-26866
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-83207
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-417521
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-26866
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: CVE-2022-26866
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-83207 // VULHUB: VHN-417521 // VULMON: CVE-2022-26866 // JVNDB: JVNDB-2022-010906 // CNNVD: CNNVD-202206-415 // NVD: CVE-2022-26866 // NVD: CVE-2022-26866

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-417521 // JVNDB: JVNDB-2022-010906 // NVD: CVE-2022-26866

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-415

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202206-415

PATCH

title: Patch for Dell PowerStore cross-site scripting vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/362276

Trust: 0.6

title: Dell EMC PowerStore Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195969

Trust: 0.6

sources: CNVD: CNVD-2022-83207 // CNNVD: CNNVD-202206-415

EXTERNAL IDS

db: NVD, id: CVE-2022-26866

Trust: 4.0

db: JVNDB, id: JVNDB-2022-010906

Trust: 0.8

db: CNVD, id: CNVD-2022-83207

Trust: 0.7

db: CNNVD, id: CNNVD-202206-415

Trust: 0.6

db: VULHUB, id: VHN-417521

Trust: 0.1

db: VULMON, id: CVE-2022-26866

Trust: 0.1

sources: CNVD: CNVD-2022-83207 // VULHUB: VHN-417521 // VULMON: CVE-2022-26866 // JVNDB: JVNDB-2022-010906 // CNNVD: CNNVD-202206-415 // NVD: CVE-2022-26866

REFERENCES

url:https://www.dell.com/support/kbdoc/000196367

Trust: 3.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26866

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-26866/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-83207 // VULHUB: VHN-417521 // VULMON: CVE-2022-26866 // JVNDB: JVNDB-2022-010906 // CNNVD: CNNVD-202206-415 // NVD: CVE-2022-26866

SOURCES

db: CNVD, id: CNVD-2022-83207
db: VULHUB, id: VHN-417521
db: VULMON, id: CVE-2022-26866
db: JVNDB, id: JVNDB-2022-010906
db: CNNVD, id: CNNVD-202206-415
db: NVD, id: CVE-2022-26866

LAST UPDATE DATE

2024-11-23T21:58:20.063000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-83207, date: 2022-11-30T00:00:00
db: VULHUB, id: VHN-417521, date: 2022-06-13T00:00:00
db: VULMON, id: CVE-2022-26866, date: 2022-06-13T00:00:00
db: JVNDB, id: JVNDB-2022-010906, date: 2023-08-17T08:35:00
db: CNNVD, id: CNNVD-202206-415, date: 2022-06-14T00:00:00
db: NVD, id: CVE-2022-26866, date: 2024-11-21T06:54:42.477

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-83207, date: 2022-11-30T00:00:00
db: VULHUB, id: VHN-417521, date: 2022-06-02T00:00:00
db: VULMON, id: CVE-2022-26866, date: 2022-06-02T00:00:00
db: JVNDB, id: JVNDB-2022-010906, date: 2023-08-17T00:00:00
db: CNNVD, id: CNNVD-202206-415, date: 2022-06-02T00:00:00
db: NVD, id: CVE-2022-26866, date: 2022-06-02T21:15:07.613