CVE-2020-29496 — Cross-site Scripting in Dell Wyse Management Suite

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 61.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Management Suite

Timeline

PublishedJan 4

Latest updateMay 24

Description

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5dell/wyse_management_suiteunspecified — 3.1

▶NVDdell/wyse_management_suite< 3.1

🔴Vulnerability Details

GHSA

GHSA-hc8f-9595-gg78: Dell Wyse Management Suite versions prior to 3↗2022-05-24

▶

CVEList

CVE-2020-29496: Dell Wyse Management Suite versions prior to 3↗2021-01-04

▶