Article Number: 000200215
Medium
Third-Party Component |
CVEs |
More information |
---|---|---|
JQuery UI Library |
CVE-2021-41184 |
See NVD for individual scores for each CVE |
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
---|---|---|---|
CVE-2022-29096 |
Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
6.1 |
|
CVE-2022-29097 |
Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. |
4.9 |
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
---|---|---|---|
CVE-2022-29096 |
Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
6.1 |
|
CVE-2022-29097 |
Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. |
4.9 |
Product |
Affected Versions |
Updated Versions |
Link to Update |
Dell Wyse Management Suite |
3.6.1 and earlier |
3.7 |
|
Product |
Affected Versions |
Updated Versions |
Link to Update |
Dell Wyse Management Suite |
3.6.1 and earlier |
3.7 |
|
CVE-2022-29097: Dell Technologies would like to thank bugbounty2k20 for reporting this issue.
Revision |
Date |
Description |
1.0 |
2022-05-31 |
Initial Release |
Product Security Information, Wyse Management Suite
27 Jun 2023
Dell Security Advisory