XSS Vulnerability in Dell KACE K1000 Management Appliance
CVE-2014-0330

Currently unrated

Key Information:

Vendor: Dell
Status: Kace K1000 Systems Management Appliance Software; Kace K1000 Systems Management Appliance
Vendor: CVE Published:; 6 February 2014

Summary

A cross-site scripting vulnerability exists in the adminui/user_list.php component of the Dell KACE K1000 management appliance version 5.5.90545. This flaw allows remote attackers to inject arbitrary web scripts or HTML content by manipulating the LABEL_ID parameter. Successful exploitation may lead to session hijacking or unauthorized actions performed on behalf of the victims.

References

http://www.securityfocus.com/bid/65333

vdb-entryx_refsource_BID

http://osvdb.org/102855

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/90954

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 6, 2014
Vulnerability Reserved
Dec 5, 2013