Reflected Cross-Site Scripting Vulnerability in Dell Wyse Management Suite
CVE-2022-29096
6.1MEDIUM
Summary
Dell Wyse Management Suite versions 3.6.1 and earlier are susceptible to a reflected cross-site scripting (XSS) vulnerability found on the saveGroupConfigurations page. This weakness allows an authenticated attacker to inject malicious HTML or JavaScript code, which could be executed in the browser of a user interacting with the vulnerable application. Such exploitation poses significant risks, including but not limited to information disclosure, session theft, and client-side request forgery. It is crucial for users of affected versions to implement security updates to mitigate these risks.
Affected Version(s)
Wyse Management Suite < 3.6.1
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved