CVE-2019-3770Cross-site Scripting in Dell Wyse Management Suite

CWE-79Cross-site ScriptingCWE-125Out-of-bounds Read20 documents4 sources
Severity
6.4MEDIUMNVD
EPSS
0.2%
top 59.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Wyse Management Suite
Timeline
PublishedMar 13
Latest updateMay 24

Description

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NExploitability: 3.1 | Impact: 2.7

Affected Packages2 packages

CVEListV5dell/wyse_management_suiteunspecifiedWMS 1.4.1

🔴Vulnerability Details

2
GHSA
GHSA-hpwv-4p77-xcc5: Dell Wyse Management Suite versions prior to 12022-05-24
CVEList
CVE-2019-3770: Dell Wyse Management Suite versions prior to 12020-03-13

📋Vendor Advisories

17
Red Hat
Mozilla: Out-of-bounds read in Skia2019-09-03
Red Hat
chromium-browser: V8 sealed/frozen elements cause crash2019-07-15
Red Hat
chromium-browser: Font sizes may expose sensitive information2019-07-15
Red Hat
chromium-browser: Use-after-free in Blink2019-06-13
Red Hat
chromium-browser: Use after free in Download Manager2019-06-04
CVE-2019-3770 — Cross-site Scripting in Dell | cvebase