Skip to main content

Wyse Management Suite CVE-2022-33929

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-08-10 security_alert@emc.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 10, 2022 - 17:15 nvd
MEDIUM 6.1

DescriptionNVD

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

AnalysisAI

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Affected products include: Dell Wyse Management Suite.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2026-41120 CRITICAL
9.8 Jun 25

Remote code execution affects Dell Wyse Management Suite in all versions prior to WMS 5.5 HF1, stemming from the applica

CVE-2021-36336 CRITICAL
9.8 Dec 21

Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticat

CVE-2026-22765 HIGH
8.8 Feb 24

Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote at

CVE-2022-33928 HIGH
8.8 Aug 10

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. Rated high sever

CVE-2025-36574 HIGH
8.2 Jun 10

Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows u

CVE-2018-11063 HIGH
7.8 Aug 10

Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Rated high severity (CVS

CVE-2025-29981 HIGH
7.5 Apr 02

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Querie

CVE-2025-36575 HIGH
7.5 Jun 10

A information disclosure vulnerability in an Exposure of Sensitive Information (CVSS 7.5). High severity vulnerability r

CVE-2022-33930 HIGH
7.5 Aug 10

Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. Rated high severity (

CVE-2021-36337 HIGH
7.4 Dec 21

Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 whi

CVE-2026-49506 HIGH
7.2 Jun 25

Remote code execution in Dell Wyse Management Suite (versions prior to WMS 5.5 HF1) is reachable through a path traversa

CVE-2026-22766 HIGH
7.2 Feb 24

Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privile

Share

CVE-2022-33929 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy