CVE-2026-28263
Cross-Site Scripting in Dell PowerProtect Data Domain Enables Remote Attack
Publication date: 2026-04-17
Last updated on: 2026-05-05
Assigner: Dell
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_data_domain | From 8.3.1.0 (inc) to 8.3.1.20 (inc) |
| dell | powerprotect_data_domain | From 7.13.1.0 (inc) to 7.13.1.50 (inc) |
| dell | data_domain_operating_system | From 7.7.1.0 (inc) to 8.5.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site scripting (XSS) issue found in Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions from 7.7.1.0 through 8.5, including certain LTS2025 and LTS2024 release versions.
A highly privileged attacker with remote access could exploit this vulnerability to inject malicious scripts.
How can this vulnerability impact me? :
Exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the affected system.
This could lead to unauthorized actions such as data manipulation, theft of sensitive information, or disruption of system availability.