Lucene search

[email protected]CVE-2014-2879

HistoryApr 17, 2014 - 2:55 p.m.

CVE-2014-2879

2014-04-1714:55:12

CWE-79

[email protected]

web.nvd.nist.gov

xss

dell sonicwall

email security

cve-2014-2879

nvd

cross-site scripting

remote authentication

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.

Affected configurations

NVD

Node

sonicwallemail_security_applianceRange≤7.4.5

CPENameOperatorVersion
sonicwall:email_security_appliancesonicwall email security appliancele7.4.5

CPE	Name	Operator	Version
sonicwall:email_security_appliance	sonicwall email security appliance	le	7.4.5

References

seclists.org/fulldisclosure/2014/Mar/409

www.securityfocus.com/archive/1/531642/100/0/threaded

www.securityfocus.com/bid/66501

www.securitytracker.com/id/1029965

www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf

www.vulnerability-lab.com/get_content.php?id=1191

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON

Related for CVE-2014-2879

vulnerlab2 cvelist1 prion1 nvd1