← back
CVE-2019-3770

CVE-2019-3770

CVSS 6.4 MEDIUMEPSS 0.7%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.4EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Mar 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected products
Dell · Wyse Management Suite

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.dell.com/support/article/SLN319512