Summary
This host is running Dell KACE K1000 Systems Management Appliance and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary script.
Impact Level: Application
Solution
Upgrade to the latest version of Dell KACE K1000 SMA or apply the workaround described at the link below:
http://www.kace.com/support/resources/kb/solutiondetail?sol=SOL120154
For updates, refer to http://www.kace.com/products/systems-management-appliance
Insight
The flaw is in the adminui/user_list.php script, which fails to properly sanitize user-supplied input to the LABEL_ID parameter.
Affected
Dell KACE K1000 Systems Management Appliance version 5.5.90545
Detection
Get the installed version of Dell KACE K1000 SMA with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2014-0330
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N