CVE-2019-3769 — Cross-site Scripting in Dell Wyse Management Suite

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.4MEDIUMNVD

EPSS

0.2%

top 59.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Management Suite

Timeline

PublishedMar 13

Latest updateMay 24

Description

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NExploitability: 3.1 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5dell/wyse_management_suiteunspecified — WMS 1.4.1

▶NVDdell/wyse_management_suite< 1.4.1

🔴Vulnerability Details

GHSA

GHSA-6w93-7hq8-m545: Dell Wyse Management Suite versions prior to 1↗2022-05-24

▶

CVEList

CVE-2019-3769: Dell Wyse Management Suite versions prior to 1↗2020-03-13

▶