← Back to CVEs
CVE-2019-3770
MEDIUM6.4
Description
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
CVE Details
CVSS v3.1 Score6.4
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published3/13/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
dell:wyse_management_suite
Weaknesses (CWE)
CWE-79CWE-79
References
https://www.dell.com/support/article/SLN319512(security_alert@emc.com)
https://www.dell.com/support/article/SLN319512(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.