CVE-2022-29096 — Cross-site Scripting in Dell Wyse Management Suite

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA6.1

EPSS

0.6%

top 30.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Management Suite

Timeline

PublishedJun 24

Latest updateJun 25

Description

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5dell/wyse_management_suiteunspecified — 3.6.1

▶NVDdell/wyse_management_suite3.6.1

🔴Vulnerability Details

GHSA

GHSA-jp6h-4966-qv5r: Dell Wyse Management Suite 3↗2022-06-25

▶

CVEList

CVE-2022-29096: Dell Wyse Management Suite 3↗2022-06-24

▶