Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.4
Dell Wyse Management Suite: Unvalidated Input in Web Pages
CVE-2026-23858
Summary
Dell Wyse Management Suite versions before 5.5 have a security issue that could allow an attacker to inject malicious code into web pages. This could potentially allow an attacker to take control of a user's session. Dell has released an update to fix this issue, so make sure to install it if you're using one of these older versions.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| dell | wyse_management_suite | <= 5.5 | – |
Original title
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with ...
Original description
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection.
nvd CVSS3.1
5.4
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103 Patch Vendor Advisory
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026