Dell Unisphere for PowerMax: Malicious Code Can Run in Browser

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.4

Dell Unisphere for PowerMax: Malicious Code Can Run in Browser

CVE-2026-23861

Summary

A security weakness in Dell Unisphere for PowerMax could allow an attacker to run malicious code in a user's web browser, potentially stealing information or taking control of user sessions. This vulnerability affects version 9.2.4.x of the software. To stay secure, Dell recommends applying the latest updates and following recommended security best practices to minimize risk.

Original title

Original description

Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

nvd CVSS3.1 5.4

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-...

Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026