{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23858", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-16T18:05:07.319Z", "datePublished": "2026-02-24T19:31:31.325Z", "dateUpdated": "2026-02-24T21:45:53.723Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wyse Management Suite", "vendor": "Dell", "versions": [{"lessThan": "5.5", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "datePublic": "2026-02-24T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection."}], "value": "Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-02-24T19:31:31.325Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T21:45:35.890251Z", "id": "CVE-2026-23858", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T21:45:53.723Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23858", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-24T21:45:35.890251Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T21:45:47.869Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Wyse Management Suite", "versions": [{"status": "affected", "version": "N/A", "lessThan": "5.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-24T18:00:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection.", "supportingMedia": [{"type": "text/html", "value": "Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-02-24T19:31:31.325Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23858", "state": "PUBLISHED", "dateUpdated": "2026-02-24T21:45:53.723Z", "dateReserved": "2026-01-16T18:05:07.319Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-02-24T19:31:31.325Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "2785B726-7FD1-41C8-91F9-46100C01E215", "versionEndExcluding": "5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection."}], "id": "CVE-2026-23858", "lastModified": "2026-02-25T14:50:30.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-02-24T20:27:47.303", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,5.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Wyse Management Suite", "source": "cna", "vendor": "Dell"}, "product": "wyse_management_suite", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-17T15:40:11.973591+00:00", "value": {"mitigation_remediation": ["Upgrade Dell Wyse Management Suite to version 5.5 or newer.", "Restrict remote access to the web interface for low\u2011privileged users or enforce least\u2011privilege access controls.", "Deploy a web application firewall to filter and block XSS payloads on the WMS web interface."], "summary": {"action": "Upgrade", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "Dell Wyse Management Suite installations running versions prior to 5.5, including 5.4 and earlier releases commonly used for thin\u2011client management in enterprise environments.", "description_and_impact": "The vulnerability is an improper neutralization of input during web page generation. An attacker with low privileges and remote access could inject malicious scripts into the web interface, enabling victim interaction to steal session tokens or perform unauthorized actions. The flaw exists in versions before Dell Wyse Management Suite 5.5 and could compromise confidentiality and integrity of data exposed through the web application.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate severity and the EPSS score is less than 1%, implying that exploitation is currently unlikely. It has not been listed in CISA's Known Exploited Vulnerabilities catalog. Based on the description, an attacker would need low\u2011level remote access to the web interface, which is normally granted to system administrators or support personnel. Once authenticated, the attacker could inject scripts via unsanitized parameters to capture victim sessions, redirect users, or execute arbitrary client\u2011side actions."}}}}, "created": "2026-02-25T11:35:36.612033+00:00", "title": "Cross\u2011Site Scripting Vulnerability in Dell Wyse Management Suite 5.4 and Earlier", "updated": "2026-04-17T15:45:15.902344+00:00", "vendors": ["dell", "dell$PRODUCT$wyse_management_suite"]}