vulnerability

Dell iDRAC: CVE-2020-26198: DSA-2020-268: Dell EMC iDRAC9 Reflected XSS Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Dec 14, 2020	Nov 3, 2023	Nov 26, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Dec 14, 2020

Added

Nov 3, 2023

Modified

Nov 26, 2025

Description

Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim's browser by tricking a victim in to following a specially crafted link.

Solution

dell-idrac-upgrade-latest

References

URL-https://www.dell.com/support/kbdoc/en-us/000181088/dsa-2020-268-dell-emc-idrac9-reflected-xss-vulnerability
CVE-2020-26198
https://attackerkb.com/topics/CVE-2020-26198
CWE-79

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today