Reflected Cross-Site Scripting Vulnerability in Dell Wyse Management Suite
CVE-2022-29096

6.1MEDIUM

Key Information:

Vendor
Dell
Vendor
CVE Published:
24 June 2022

Summary

Dell Wyse Management Suite versions 3.6.1 and earlier are susceptible to a reflected cross-site scripting (XSS) vulnerability found on the saveGroupConfigurations page. This weakness allows an authenticated attacker to inject malicious HTML or JavaScript code, which could be executed in the browser of a user interacting with the vulnerable application. Such exploitation poses significant risks, including but not limited to information disclosure, session theft, and client-side request forgery. It is crucial for users of affected versions to implement security updates to mitigate these risks.

Affected Version(s)

Wyse Management Suite < 3.6.1

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.