CVE Details
Basic Information
| Title | CVE-2025-36605 |
|---|---|
| Type | cve |
| Published | 2025-08-04T14:04:49.893Z |
| Modified | 2025-08-04T14:04:49.893Z |
Product Information
| Vendor | Dell |
|---|---|
| Product | Unity |
| Version | N/A |
CVSS Information
| Base Score | 6.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
AI Analysis
| AI Description | This vulnerability allows an unauthenticated attacker to execute malicious code in a user’s browser, potentially leading to information theft or unauthorized actions. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Dell |
| AI Product | Unity |
| AI Version | 5.5 and prior |
Affected Products
- Dell Unity N/A
Additional Information
| CWE List | CWE-79 |
|---|---|
| Source | dell |
Description
Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user’s web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.