{"vuid":"VU#950172","idnumber":"950172","name":"Dell OpenManage Server Administrator version 7.1.0.1 DOM-based XSS vulnerability","keywords":["dell","openmanage","xss","cwe-79"],"overview":"Dell OpenManage Server Administrator version 7.1.0.1 and earlier contains a DOM-based cross-site scripting vulnerability.","clean_desc":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nDell OpenManage Server Administrator version 7.1.01 and earlier contains a DOM-based cross-site scripting vulnerability.\nExample: https://www.example.com:1311/help/sm/en/Output/wwhelp/wwhimpl/js/html/index_main.htm?topic=\"></iframe><iframe src=\"javascript:alert(/xss/)\nNote the affected file is located in multiple locations:\n/help/sm/es/Output/wwhelp/wwhimpl/js/html/index_main.htm\n/help/sm/ja/Output/wwhelp/wwhimpl/js/html/index_main.htm\n/help/sm/de/Output/wwhelp/wwhimpl/js/html/index_main.htm\n/help/sm/fr/Output/wwhelp/wwhimpl/js/html/index_main.htm\n/help/sm/zh/Output/wwhelp/wwhimpl/js/html/index_main.htm\n/help/hip/en/msgguide/wwhelp/wwhimpl/js/html/index_main.htm\n/help/hip/en/msgguide/wwhelp/wwhimpl/common/html/index_main.htm","impact":"A remote attacker may be able to execute arbitrary script in the context of the end-user's browser session.","resolution":"Apply an update\nDell has released OMSA 7.4 to address this vulnerability.","workarounds":"Restrict Access\nThe Dell OpenManage Server Administrator interface should not be Internet facing.","sysaffected":"The vulnerability reporter has confirmed that Dell OpenMana","thanks":"Thanks to Tenable Network Security for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://cwe.mitre.org/data/definitions/79.html"],"cveids":["CVE-2012-6272"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-11-20T14:27:56Z","publicdate":"2013-01-09T00:00:00Z","datefirstpublished":"2013-01-09T12:29:13Z","dateupdated":"2015-09-17T19:55:07Z","revision":7,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5","cvss_basevector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","cvss_temporalscore":"3.6","cvss_environmentalscore":"1.3806220115055","cvss_environmentalvector":"CDP:LM/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}