CVE-2026-23858

MEDIUM

Dell Wyse Management Suite <5.5 - XSS

Title source: llm

Description

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection.

References (1)

[Various Sources] https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103

Scores

CVSS v3 5.4

EPSS 0.0003

EPSS Percentile 8.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (1)

dell/wyse_management_suite < 5.5

Timeline

Published Feb 24, 2026

Tracked Since Feb 25, 2026