CVE-2026-28263

| EUVD-2026-23413 MEDIUM
2026-04-17 dell GHSA-6w3g-2v88-h993
XSS Dell
5.9
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
patch_available
Apr 17, 2026 - 13:01 EUVD
Analysis Generated
Apr 17, 2026 - 12:13 vuln.today

DescriptionNVD

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a cross-site Scripting vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

AnalysisAI

Dell PowerProtect Data Domain contains a reflected cross-site scripting (XSS) vulnerability affecting DD OS Feature Release versions 7.7.1.0-8.5, LTS2025 versions 8.3.1.0-8.3.1.20, and LTS2024 versions 7.13.1.0-7.13.1.50. A high-privileged remote attacker can inject malicious scripts into the web interface via crafted requests; if a victim administrator views the malicious link, the script executes in their browser context, potentially leading to credential theft, session hijacking, or unauthorized administrative actions. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-28263 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy