CVE-2022-29096

MEDIUM

Dell Wyse Management Suite <3.6.1 - XSS

Title source: llm

Description

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/en-us/000200215/dsa-2022-143-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities

Scores

CVSS v3 6.1

EPSS 0.0060

EPSS Percentile 69.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

dell/wyse_management_suite < 3.6.1

Published Jun 24, 2022

Tracked Since Feb 18, 2026