CVE-2014-0330

Name of the Vulnerable Software and Affected Versions Dell KACE K1000 management appliance version 5.5.90545

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the LABEL ID parameter in the adminui/user list.php file. This could potentially lead to unauthorized actions on the affected system.

Recommendations For version 5.5.90545, avoid using the LABEL ID parameter in the adminui/user list.php file until a fix is available. As a temporary workaround, consider restricting access to the adminui/user list.php file to minimize the risk of exploitation.