CVE-2026-26357
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
| CWE | CWE-79 |
| Vendor | dell |
| Product | unisphere for powermax 9.2.4.18 |
| Published | Feb 17, 2026 |
| Last Updated | Mar 6, 2026 |
Stay Ahead of the Next One
Get instant alerts for dell unisphere for powermax 9.2.4.18
Be the first to know when new medium vulnerabilities affecting dell unisphere for powermax 9.2.4.18 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Dell / Unisphere for PowerMax 9.2.4.18
N/A < 9.2.4.19
Dell / Unisphere for PowerMax Virtual Appliance 9.2.4.17
N/A < 9.2.4.19