CVE-2012-6272— Dell OpenManage Server Administrator ‘topic’跨站脚本漏洞

N/A

Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/.

N/A

N/A

Dell OpenManage Server Administrator ‘topic’跨站脚本漏洞

Dell OpenManage Server Administrator（OMSA）是美国戴尔（Dell）公司的一套系统管理解决方案。该方案支持在线诊断、系统运行情况检测、设备管理等。 Dell OpenManage Server Administrator 7.1.01和之前版本中存在跨站脚本漏洞，该漏洞源于返回给用户之前程序没有正确验证输入传递到help/sm/en/Output/wwhelp/wwhimpl/js/html/index_main.htm中的‘topic’参数。攻击者利用该漏洞在受影响

N/A

N/A