CVE-2014-0330

Dell KACE K1000 Systems Management Appliance 5.5.90545 - Cross-Site Scripting via LABEL_ID Parameter

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65333
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/102855
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90954
Exploit, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/813382

Scores

EPSS 0.0143
EPSS Percentile 80.9%

Details

CWE
CWE-79
Status published
Products (2)
dell/kace_k1000_systems_management_appliance
dell/kace_k1000_systems_management_appliance_software 5.5.90545
Published Feb 06, 2014
Tracked Since Feb 18, 2026