XSS in Dell Idrac6_firmware

CVE-2013-3589

Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject ar…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.010 (77.8th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

  • cret@cert.org (x_refsource_CONFIRM, US Government Resource)
  • VU#920038 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)

Frequently asked questions

What is CVE-2013-3589?
CVE-2013-3589 is a vulnerability in Dell Idrac6_firmware, classified under Cross-site Scripting. Published 2013-09-24.

Is CVE-2013-3589 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.