CVE-2019-3769
https://notcve.org/view.php?id=CVE-2019-3769
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. Dell Wyse Management Suite versiones anteriores a 1.4.1, contiene una vulnerabilidad de tipo cross-site scripting almacenado. Un usuario malicioso autenticado remoto con pocos privilegios podría explotar esta vulnerabilidad para almacenar una carga útil maliciosa en la petición heartbeats del dispositivo. • https://www.dell.com/support/article/SLN319512 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-11063
https://notcve.org/view.php?id=CVE-2018-11063
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges. Dell WMS, en versiones 1.1 y anteriores, se ha visto afectado por múltiples vulnerabilidad de ruta de servicio sin entrecomillar. El software afectado instala múltiples servicios incorrectamente especificando las rutas a los ejecutables del servicio sin entrecomillar. • https://www.dell.com/support/article/us/en/19/sln313398/dell-wyse-management-suite-multiple-unquoted-service-path-vulnerabilities?lang=en • CWE-428: Unquoted Search Path or Element •