CVE-2022-33929
Description
Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in the EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in Dell Wyse Management Suite 3.6.1 and below allows authenticated attackers to execute malicious scripts in a victim's browser.
Vulnerability
A reflected cross-site scripting vulnerability exists in the EndUserSummary page of Dell Wyse Management Suite versions 3.6.1 and below. An authenticated attacker can inject malicious HTML or JavaScript via crafted input that is reflected back to the victim's browser without proper sanitization. Affected versions: 3.6.1 and earlier.
Exploitation
An attacker must be authenticated to the Wyse Management Suite and craft a malicious link containing the XSS payload. The victim, also authenticated, must click the link. The payload executes in the context of the vulnerable web application, leading to potential session theft or client-side request forgery.
Impact
Successful exploitation allows the attacker to execute arbitrary HTML/JavaScript in the victim's browser, leading to information disclosure, session hijacking, or client-side request forgery. The attacker gains the ability to perform actions on behalf of the victim within the application.
Mitigation
Dell released a security update (DSA-2022-134) addressing this vulnerability [1]. Users should upgrade to Wyse Management Suite version 3.7 or later. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of publication.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.6.1
- Range: unspecified
Patches
No patches discovered yet.
References