Skip to main content

Storage Manager CVE-2025-23379

LOW
Cross-site Scripting (XSS) (CWE-79)
2025-05-06 security_alert@emc.com
3.5
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.5 LOW
AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:40 vuln.today
CVE Published
May 06, 2025 - 16:15 nvd
LOW 3.5

DescriptionCVE.org

Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

AnalysisAI

Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. Affected products include: Dell Storage Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2015-5371 CRITICAL POC
10.0 Jul 06

The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scr

CVE-2012-2576 CRITICAL POC
9.8 Dec 20

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Prof

CVE-2015-7838 CRITICAL
10.0 Oct 15

ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary f

CVE-2017-14374 CRITICAL
9.8 Dec 06

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded

CVE-2021-32522 CRITICAL
9.8 Jul 07

Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remo

CVE-2021-32521 CRITICAL
9.8 Jul 07

Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate

CVE-2021-32520 CRITICAL
9.8 Jul 07

Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials

CVE-2021-32513 CRITICAL
9.8 Jul 07

QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attac

CVE-2021-32512 CRITICAL
9.8 Jul 07

QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated atta

CVE-2025-22477 HIGH
8.3 May 06

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. Rat

CVE-2025-22478 HIGH
8.1 May 06

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entit

CVE-2021-32527 HIGH
7.5 Jul 07

Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files

Share

CVE-2025-23379 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy