Dell Unisphere for PowerMax versions 9.2.4.x allow malicious web code to run in your browser

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.4

Dell Unisphere for PowerMax versions 9.2.4.x allow malicious web code to run in your browser

CVE-2026-26357

Summary

Dell Unisphere for PowerMax versions 9.2.4.x contain a security flaw that could allow an attacker to inject malicious code into your web browser, potentially stealing sensitive information or taking control of your session. To fix this, update to a newer version of Unisphere for PowerMax or apply the vendor's recommended patch.

Original title

Original description

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

nvd CVSS3.1 5.4

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-...

Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026