VYPR
Medium severity 5.4 · NVD Advisory · Published Feb 17, 2026 · Updated Apr 15, 2026

CVE-2026-23861

Description

Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Unisphere for PowerMax vApp 9.2.4.x is vulnerable to stored XSS, allowing low-privileged remote attackers to execute malicious scripts in victims' browsers.

Vulnerability Overview

CVE-2026-23861 is a Cross-site Scripting (XSS) vulnerability in Dell Unisphere for PowerMax vApp, version 9.2.4.x. The root cause is improper neutralization of user input during web page generation, enabling an attacker to inject malicious HTML or JavaScript code [1].

Exploitation Conditions

A low-privileged attacker with remote access to the vulnerable web application can exploit this flaw. The attack does not require high privileges, but the victim user must interact with the crafted input, typically by viewing a malicious page or content within the application [1].

Impact

Successful exploitation allows the attacker to execute arbitrary script code in the victim's browser within the application's security context. This can lead to information disclosure, session theft, or client-side request forgery, compromising user data and application integrity [1].

Mitigation

Dell has addressed this vulnerability in a security update as part of DSA-2025-425 [1]. Users are advised to apply the latest patches to mitigate the risk.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
