Dell KACE K1000 LABEL_ID Cross Site Scripting Vulnerability

Summary
This host is running Dell KACE K1000 Systems Management Appliance and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary script. Impact Level: Application
Solution
Upgrade to latest version of Dell KACE K1000 SMA or Apply the workaround mentioned below link, http://www.kace.com/support/resources/kb/solutiondetail?sol=SOL120154 For updates refer to http://www.kace.com/products/systems-management-appliance
Insight
The flaw is in adminui/user_list.php script which fails to properly sanitizing user-supplied input to LABEL_ID parameter.
Affected
Dell KACE K1000 Systems Management Appliance version 5.5.90545
Detection
Get the installed version of Dell KACE K1000 SMA with the help of detect NVT and check the version is vulnerable or not.
References