CVE-2014-0330

Dell KACE K1000 <5.5.90545 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/102855

[Exploit, US Government Resource] http://www.kb.cert.org/vuls/id/813382

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90954

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/65333

Scores

EPSS 0.0143

EPSS Percentile 80.5%

Details

CWE

CWE-79

Status published

Products (3)

dell/kace_k1000_systems_management_appliance_software

dell/kace_k1000_systems_management_appliance

n/a/n/a

Published Feb 06, 2014

Tracked Since Feb 18, 2026