CVE-2014-0332

Description

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action.

Related CPE's

asonicwallglobal_management_system7.0*******

asonicwallglobal_management_system7.1*******

asonicwallglobal_management_system7.1sp1******

hsonicwalluma_e5000-*******

asonicwallanalyzer7.0*******

asonicwallanalyzer7.1*******

asonicwallanalyzer7.1sp1******

asonicwallglobal_management_system7.0*******

asonicwallglobal_management_system7.1*******

asonicwallglobal_management_system7.1sp1******

References

http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf

Vendor Advisory

VU#727318

Third Party AdvisoryUS Government Resource

103216

Broken Link

65498

Third Party AdvisoryVDB Entry

sonicwall-cve20140332-nodeid-xss(91062)

VDB Entry

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

4.300000190734863

Created by Yello
About Severity.io