CVE Daily

CVE-2025-36605

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of I...

Medium CVSS 6.1

Overview

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CWE: CWE-79 Published: 2025-08-04T14:15:32.703
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.1 (MEDIUM)
  • Detected tags: info_leak, unauth_access, xss (tag impact: HIGH)

Recommended actions:

  • Reduce verbose errors, remove debug endpoints, minimize PII in logs.
  • Enforce authentication/authorization; reduce default endpoint exposure.
  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags