CVE-2026-23858

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.0%

top 89.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Management Suite

Timeline

PublishedFeb 24

Description

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5dell/wyse_management_suiteN/A — 5.5

▶NVDdell/wyse_management_suite< 5.5

Patches

Patch: www.dell.com ↗

🔴Vulnerability Details

CVEList

CVE-2026-23858: Dell Wyse Management Suite, versions prior to WMS 5↗2026-02-24

▶

GHSA

GHSA-vcqv-v77g-qhch: Dell Wyse Management Suite, versions prior to WMS 5↗2026-02-24

▶