CVE-2022-26866
Description
Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high-privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code is executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell PowerStore before v2.1.1.0 contains a stored XSS vulnerability allowing high-privileged attackers to inject malicious scripts, leading to information disclosure or session theft.
Vulnerability
Dell PowerStore versions before v2.1.1.0 contain a stored cross-site scripting (XSS) vulnerability in the web application. A high-privileged authenticated attacker can inject malicious HTML or JavaScript code into a trusted application data store. The code persists and is later executed when a victim user accesses the data store via a browser. This affects all PowerStore versions prior to the fix released in v2.1.1.0 [1].
Exploitation
An attacker with high privileges (e.g., administrator) on the PowerStore system can craft malicious HTML or JavaScript and store it in the application data store. No user interaction is required for the storage phase. When another user (the victim) views the affected data store through their browser, the malicious script executes within the context of the vulnerable web application. The attack vector is network-based with low complexity [1].
Impact
Successful exploitation leads to execution of arbitrary script in the victim's browser. This can result in information disclosure, session theft (e.g., hijacking of authenticated sessions), or client-side request forgery. The impact on confidentiality and integrity is limited (CVSS v3.1 Base Score: 5.5, AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N) [1].
Mitigation
Dell has addressed this vulnerability in PowerStore version 2.1.1.0 and later. Users should upgrade to the latest version as specified in Dell Security Advisory DSA-2022-014 [1]. No workarounds are provided; upgrading is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <2.1.1.0
- Range: unspecified
Patches
No patches discovered yet.
References
- [1] www.dell.com/support/kbdoc/000196367 (mitre, x_refsource_MISC)