CVE-2022-29096

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions 3.6.1 and below

Description The issue is related to a Reflected Cross-Site Scripting vulnerability in the saveGroupConfigurations page. An authenticated attacker could exploit this, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser. This may result in information disclosure, session theft, or client-side request forgery.

Recommendations For versions 3.6.1 and below, update to a version above 3.6.1 to resolve the issue. As a temporary workaround, consider restricting access to the saveGroupConfigurations page until a patch is available.