Research & Development
$ #


DOM-based Cross-Site Scripting

8.8 (High)


Dell PowerProtect DD

prior to:, LTS, LTS,

Jakub Brzozowski (redfr0g), Franciszek Kalinowski, Stanisław Koza

Dell PowerProtect DD, versions prior to, LTS, LTS, contain a DOM-based Cross-Site Scripting vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code into a victim user's DOM environment in the browser. Exploitation may lead to information disclosure, session theft, or client-side request forgery.


  • 05-10-2023 - vulnerability reported to vendor
  • 10-01-2024 - public security advisory released