CVE-2019-3769
Description
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store a malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell Wyse Management Suite prior to 1.4.1 contains a stored cross-site scripting vulnerability in the device heartbeat request, allowing low-privileged authenticated users to execute arbitrary scripts in victim browsers.
Vulnerability
Dell Wyse Management Suite (WMS) versions prior to 1.4.1 contain a stored cross-site scripting (XSS) vulnerability in the device heartbeat request. A remote authenticated malicious user with low privileges can inject malicious payloads into the heartbeat data. When other users access the submitted data through their browsers, the payload executes in the context of the vulnerable application [1].
Exploitation
An attacker must have a low-privilege authenticated account on the WMS. The attacker crafts a heartbeat request containing JavaScript or HTML code, which the server stores. When a victim user (e.g., an administrator) views the device heartbeat data via the web interface, the stored script executes in their browser in the WMS application's own origin, so the same-origin policy does not restrict its access to that application [1].
Impact
Successful exploitation allows the attacker to execute arbitrary scripts in the victim's browser within the WMS application context. This can lead to theft of session cookies, data exfiltration, or defacement. The CVSS v3 base score is 6.4 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N, indicating low confidentiality and integrity impact but with scope change [1].
Mitigation
Dell has addressed this vulnerability in WMS version 1.4.1. Users should upgrade to this version or later. No workarounds are documented. Details are in Dell Security Advisory DSA-2019-161 [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.4.1
- Range: unspecified
References
- [1] www.dell.com/support/article/SLN319512 (source: mitre, x_refsource_MISC)