CVE-2020-29497

Published at:
2021-01-04T22:15:13.797
Source: [email protected]

Global infos:

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

CVE Status: Modified

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorNETWORK
    Availability ImpactNONE
    Base Score5.4
    Base SeverityMEDIUM
    Confidentiality ImpactLOW
    Integrity ImpactLOW
    Privileges RequiredLOW
    ScopeCHANGED
    User InteractionREQUIRED
    Vector StringCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    Exploitability Score2.3
    Impact Score2.7
    Source[email protected]
    TypePrimary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords