CVE-2026-26357

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-26357
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities
Configurations

No configuration.

History

18 Feb 2026, 17:51

Type Values Removed Values Added
Summary
  • (es) Dell Unisphere para PowerMax, versión(es) 9.2.4.x, tiene una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting'). Un atacante con pocos privilegios con acceso remoto podría, potencialmente, explotar esta vulnerabilidad, lo que llevaría a la ejecución de código HTML o JavaScript malicioso en el navegador web de un usuario víctima en el contexto de la aplicación web vulnerable. La explotación puede llevar a revelación de información, robo de sesión, o falsificación de solicitudes del lado del cliente.

17 Feb 2026, 20:22

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-17 20:22

Updated : 2026-02-18 17:51

NVD link : CVE-2026-26357

Mitre link : CVE-2026-26357

CVE.ORG link : CVE-2026-26357

JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')