OpenCVE

Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Kace K1000 Systems Management Appliance Kace K1000 Systems Management Appliance Software

Configuration 1 [-]

AND

cpe:2.3:a:dell:kace_k1000_systems_management_appliance_software:5.5.90545:*:*:*:*:*:*:*

cpe:2.3:h:dell:kace_k1000_systems_management_appliance:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/102855
http://www.kb.cert.org/vuls/id/813382
http://www.securityfocus.com/bid/65333
https://exchange.xforce.ibmcloud.com/vulnerabilities/90954

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2014-02-06T23:00:00

Updated: 2024-08-06T09:13:09.993Z

Reserved: 2013-12-05T00:00:00

Link: CVE-2014-0330

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-02-06T23:55:03.993

Modified: 2024-11-21T02:01:53.597

Link: CVE-2014-0330

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-04T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-02T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "65333", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65333"}, {"name": "102855", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/102855"}, {"name": "kace-cve20140330-xss(90954)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90954"}, {"name": "VU#813382", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/813382"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2014-0330", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "65333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65333"}, {"name": "102855", "refsource": "OSVDB", "url": "http://osvdb.org/102855"}, {"name": "kace-cve20140330-xss(90954)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90954"}, {"name": "VU#813382", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/813382"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:13:09.993Z"}, "title": "CVE Program Container", "references": [{"name": "65333", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65333"}, {"name": "102855", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/102855"}, {"name": "kace-cve20140330-xss(90954)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90954"}, {"name": "VU#813382", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/813382"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2014-0330", "datePublished": "2014-02-06T23:00:00", "dateReserved": "2013-12-05T00:00:00", "dateUpdated": "2024-08-06T09:13:09.993Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:kace_k1000_systems_management_appliance_software:5.5.90545:*:*:*:*:*:*:*", "matchCriteriaId": "D290C8C1-4ADF-468E-A6BB-7C734A5AC4DE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:kace_k1000_systems_management_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "D035492A-E45C-443F-8714-6851826B0598", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter."}, {"lang": "es", "value": "Vulnerabilidad de XSS en adminui/user_list.php en Dell KACE K1000 management appliance 5.5.90545 permite a atacantes remotos inyectar script Web o HTML a trav\u00e9s del par\u00e1metro LABEL_ID."}], "id": "CVE-2014-0330", "lastModified": "2024-11-21T02:01:53.597", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-02-06T23:55:03.993", "references": [{"source": "cret@cert.org", "url": "http://osvdb.org/102855"}, {"source": "cret@cert.org", "tags": ["Exploit", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/813382"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/65333"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102855"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/813382"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90954"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}