Description
PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, leading to script execution in the client browser.
Published: 2026-06-16
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PowerStore contains a stored cross‑site scripting vulnerability in its Manager interface. A remotely authenticated low‑privileged user can store malicious scripts that are later executed in the browsers of users who view the affected content. This can allow the attacker to run arbitrary code in those browsers, potentially stealing session data or performing other client‑side attacks. The weakness is a classic stored XSS flaw, identified as CWE‑79.

Affected Systems

The vulnerability affects Dell PowerStore systems, specifically the PowerStore Manager component. No specific version information is provided in the advisory, so all deployments of PowerStore Manager should be considered vulnerable until a patch is released.

Risk and Exploitability

The CVSS base score of 5.4 indicates moderate severity. The EPSS score is below 1%, suggesting a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires remote authentication with low‑privilege credentials and access to the Manager UI, so the attack surface is limited to users who can log in to the manager. Overall risk remains moderate but not critical.

Generated by OpenCVE AI on June 17, 2026 at 21:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest Dell PowerStore Manager update or patch that addresses the stored XSS issue from Dell’s support site
  • If a patch is not yet available, restrict network access to the PowerStore Manager UI to trusted administrators and eliminate or limit direct access from untrusted networks to reduce the attack surface
  • Enable or enforce web‑browser XSS protection mechanisms (such as the X‑XSS‑Protection header or a Content Security Policy) on the client machines that access the PowerStore Manager to mitigate the impact of any remaining scripts



Advisories

No advisories yet.

History

Tue, 16 Jun 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 16 Jun 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell, Dell powerstore |
| Vendors & Products | | Dell, Dell powerstore |

Tue, 16 Jun 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, leading to script execution in the client browser. |
| Weaknesses | | CWE-79 |
| References | | |
| Metrics | | cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-16T18:01:35.903Z

Reserved: 2024-03-27T09:45:19.971Z

Link: CVE-2024-30476

Vulnrichment

Updated: 2026-06-16T18:01:27.273Z

NVD

Status: Awaiting Analysis

Published: 2026-06-16T17:16:28.433

Modified: 2026-06-16T17:34:39.967

Link: CVE-2024-30476

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T18:00:05Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')