Unrated severityNVD Advisory· Published May 26, 2022· Updated Sep 16, 2024

CVE-2022-29091

Description

Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Unity, UnityVSA, and UnityXT versions prior to 5.2.0.0.5.173 contain a reflected XSS vulnerability in Unisphere GUI allowing unauthenticated remote attackers to execute malicious HTML/JavaScript in a victim's browser.

Vulnerability

Dell Unity, UnityVSA, and UnityXT operating environment versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting (XSS) vulnerability in the Unisphere GUI [1]. The vulnerability is present in the web interface where insufficient input validation allows injection of malicious HTML or JavaScript. No authentication is required to trigger the vulnerable code path, but user interaction is needed for the attack to succeed.

Exploitation

An unauthenticated remote attacker can craft a malicious URL that, when visited by a victim user, reflects malicious HTML or JavaScript code in the context of the vulnerable web application [1]. The attacker does not need any prior access or credentials. The victim must click the crafted link, possibly delivered via phishing or other social engineering techniques.

Impact

Successful exploitation leads to execution of attacker-controlled HTML or JavaScript in the victim's browser within the Unisphere GUI session [1]. This can result in information disclosure, session theft (e.g., cookie hijacking), or client-side request forgery, potentially allowing the attacker to perform actions on behalf of the authenticated user.

Mitigation

Dell has released the fix in Unity Operating Environment version 5.2.0.0.5.173 [1]. Administrators are advised to upgrade to this version or later. No workarounds are provided; updating the software is the recommended mitigation.

References

DSA-2022-138: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for a Cross-Site Scripting Vulnerability

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Dell/UnityXTllm-create
Range: <5.2.0.0.5.173
Sift/Unityllm-fuzzy
Range: <5.2.0.0.5.173
Dell/UnityVSAllm-fuzzy
Range: <5.2.0.0.5.173
Dell/Unity XTcpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.dell.com/support/kbdoc/000199446mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000