CVE-2014-5024

Description

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.

Related CPE's

hsonicwalluma_em5000-*******

asonicwallglobal_management_system********

asonicwallanalyzer********

References

68829

ExploitThird Party AdvisoryVDB Entry

https://support.software.dell.com/product-notification/128245

Vendor Advisory

20140722 Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 (CVE-2014-5024)

ExploitMailing ListThird Party Advisory

http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html

ExploitThird Party AdvisoryVDB Entry

60287

Third Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

4.300000190734863

Created by Yello
About Severity.io