Cross-Site Scripting Vulnerability in Dell SonicWALL Products
CVE-2014-0332

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Global Management System
Vendor: CVE Published:; 14 February 2014

Summary

A cross-site scripting (XSS) vulnerability exists in multiple Dell SonicWALL products, allowing remote attackers to inject arbitrary web scripts or HTML into affected systems. This vulnerability occurs through the node_id parameter when executing the genNetwork action within the ScreenDisplayManager interface. Attackers can exploit this defect to execute malicious scripts in the context of users’ browsers, which may lead to unauthorized actions, theft of sensitive data, or other malicious impacts on the system.

References

http://www.securityfocus.com/bid/65498

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/727318

third-party-advisoryx_refsource_CERT-VN

https://exchange.xforce.ibmcloud.com/vulnerabilities/91062

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 14, 2014
Vulnerability Reserved
Dec 5, 2013