CVE-2022-33929 — Cross-site Scripting in Dell Wyse Management Suite

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 28.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Management Suite

Timeline

PublishedAug 10

Latest updateAug 11

Description

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5dell/wyse_management_suiteunspecified — 3.7

▶NVDdell/wyse_management_suite< 3.8.0

🔴Vulnerability Details

GHSA

GHSA-vwvj-x4j4-77x5: Dell Wyse Management Suite 3↗2022-08-11

▶

CVEList

CVE-2022-33929: Dell Wyse Management Suite 3↗2022-08-10

▶