CVE-2019-3769: XSS
First published: Fri Mar 13 2020(Updated: )
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Wyse Management Suite | <1.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Dell Wyse Management Suite?
The vulnerability ID for Dell Wyse Management Suite is CVE-2019-3769.
What is the severity of CVE-2019-3769?
The severity of CVE-2019-3769 is medium with a CVSS score of 6.4.
How can a remote authenticated malicious user exploit CVE-2019-3769?
A remote authenticated malicious user with low privileges can exploit CVE-2019-3769 by storing a malicious payload in the device heartbeat request.
What software versions are affected by CVE-2019-3769?
Dell Wyse Management Suite versions prior to 1.4.1 are affected by CVE-2019-3769.
Where can I find more information about CVE-2019-3769?
You can find more information about CVE-2019-3769 on the Dell support website: https://www.dell.com/support/article/SLN319512.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/dell
- canonical/dell wyse management suite