Dell KACE K1000 LABEL_ID Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Dell KACE K1000 Systems Management Appliance and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary script. Impact Level: Application

Solution

Upgrade to latest version of Dell KACE K1000 SMA or Apply the workaround mentioned below link, http://www.kace.com/support/resources/kb/solutiondetail?sol=SOL120154 For updates refer to http://www.kace.com/products/systems-management-appliance

Insight

The flaw is in adminui/user_list.php script which fails to properly sanitizing user-supplied input to LABEL_ID parameter.

Affected

Dell KACE K1000 Systems Management Appliance version 5.5.90545

Detection

Get the installed version of Dell KACE K1000 SMA with the help of detect NVT and check the version is vulnerable or not.

References

http://www.kace.com/support/resources/kb/solutiondetail?sol=SOL120154
http://www.kb.cert.org/vuls/id/813382

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0330
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Archiva Multiple Vulnerabilities
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities

Take action and discover your vulnerabilities