CVE-2020-29497
Description
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell Wyse Management Suite prior to 3.1 contains a stored XSS vulnerability allowing low-privileged authenticated users to inject malicious scripts via device tags.
Vulnerability
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated user with low privileges can store malicious HTML or JavaScript code in the device tag field. When other users access the submitted data through their browsers, the code executes in the context of the vulnerable application. [1]
Exploitation
An attacker must be authenticated with low privileges. The attacker crafts malicious HTML/JavaScript and stores it under a device tag. When a victim user (e.g., an administrator) views the device details, the injected script executes in the victim's browser. No additional user interaction is required beyond normal browsing.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser. This can lead to session hijacking, data theft, or defacement of the application interface. The CVSS v3.1 base score is 5.4 (Medium). [1]
Mitigation
Dell released version 3.1 to address this vulnerability. Users should upgrade to Wyse Management Suite 3.1 or later. No official workarounds are documented. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <3.1
- Range: unspecified
Patches
No patches discovered yet.
References
- [1] www.dell.com/support/kbdoc/en-us/000180983/dsa-2020-282 (mitre, x_refsource_MISC)