CVE-2014-2879

Опубликовано: 17 апр. 2014

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.

Ссылки

http://seclists.org/fulldisclosure/2014/Mar/409
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/531642/100/0/threaded
http://www.securityfocus.com/bid/66501
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029965
Third Party Advisory
VDB Entry
http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf
Broken Link
http://www.vulnerability-lab.com/get_content.php?id=1191
Exploit
http://seclists.org/fulldisclosure/2014/Mar/409
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/531642/100/0/threaded
http://www.securityfocus.com/bid/66501
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029965
Third Party Advisory
VDB Entry
http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf
Broken Link
http://www.vulnerability-lab.com/get_content.php?id=1191
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sonicwall:email_security_appliance:*:*:*:*:*:*:*:*

Версия до 7.4.5 (включая)

EPSS

Процентиль: 93%

0.10572

Средний

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-f3fj-9xg7-49g7

github

больше 3 лет назад