CVE-2019-3769

MEDIUM

Dell Wyse Management Suite < 1.4.1 - Authenticated Stored Cross-Site Scripting via Device Heartbeat Request

Title source: llm
STIX 2.1

Description

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/article/SLN319512

Scores

CVSS v3 6.4
EPSS 0.0019
EPSS Percentile 40.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
dell/wyse_management_suite < 1.4.1
Published Mar 13, 2020
Tracked Since Feb 18, 2026