CVE-2019-3770
Description
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell Wyse Management Suite prior to 1.4.1 has a stored XSS vulnerability when unregistering a device, allowing low-privileged authenticated users to inject malicious scripts.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in Dell Wyse Management Suite versions prior to 1.4.1 during the device unregistration process. When an authenticated user with low privileges unregisters a device, the application fails to sanitize user-supplied input, so malicious HTML or JavaScript code can be persisted and later executed in the browsers of victim users accessing the same data [1].
Exploitation
A remote attacker must first authenticate to the Wyse Management Suite with low-privileged credentials. The attacker then performs the device unregistration action while injecting a crafted payload into a field. No additional privileges or user interaction beyond normal browsing is required to trigger the stored payload when another user views the affected data [1].
Impact
Successful exploitation allows the attacker's stored script to execute in the context of the vulnerable application when victim administrators or users access the unregistration records. The scope is changed, leading to low confidentiality and low integrity impact — the attacker can view or modify data within the application's session but cannot directly target other applications [1].
Mitigation
Dell has released Wyse Management Suite version 1.4.1, which addresses this vulnerability. Users should upgrade to 1.4.1 or later to remediate the issue. The advisory (DSA-2019-161) provides details, and there is no known workaround available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.4.1
- Range: unspecified
Patches
No patches discovered yet.
References
[1] www.dell.com/support/article/SLN319512 (mitre, x_refsource_MISC)