Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. (CWE-79)
The "LABEL_ID" parameter in the "adminui/user_list.php" page is vulnerable.
A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.
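As an added example (not part of the original advisory and not Dell's code), the following Python script reviews web access logs for requests to "adminui/user_list.php" whose "LABEL_ID" value contains characters outside a conservative allowlist. The combined log format, the allowlist, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Page and parameter named in the advisory.
TARGET_PATH, TARGET_PARAM = "/adminui/user_list.php", "LABEL_ID"
# Assumption: benign values use only these characters; tune for your deployment.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]*")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_label_ids(log_lines):
    """Return (line_number, decoded_value) for requests worth reviewing."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith(TARGET_PATH):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.upper() != TARGET_PARAM:
                continue
            decoded = fully_decode(value)
            if not SAFE_VALUE.fullmatch(decoded):
                hits.append((number, decoded))
    return hits


# Constructed sample log lines (not taken from a real appliance).
SAMPLE_LOG = [
    '10.0.0.5 - - [04/Feb/2014:10:00:00 +0000] "GET /adminui/user_list.php?LABEL_ID=12 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [04/Feb/2014:10:01:00 +0000] "GET /adminui/user_list.php?LABEL_ID=%253Cb%253Ex HTTP/1.1" 200 5200',
    '10.0.0.9 - - [04/Feb/2014:10:02:00 +0000] "GET /adminui/other.php?LABEL_ID=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(suspicious_label_ids(SAMPLE_LOG))
```

Only the second sample line is reported: the first carries a plain value, and the third targets a different page.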
Dell has provided this response to the vulnerability. Also, please consider the following workaround.
Thanks to William Costa for reporting this vulnerability.
This document was written by Jared Allar.
Date First Published: 2014-02-04
Date Last Updated: 2014-02-11 20:43 UTC