Cross-Site Scripting Vulnerabilities in Dell SonicWALL Email Security
CVE-2014-2879

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Email Security Appliance
Vendor: CVE Published:; 17 April 2014

Summary

Dell SonicWALL Email Security versions 7.4.5 and earlier are vulnerable to multiple cross-site scripting (XSS) vulnerabilities. These allow remote authenticated administrators to inject arbitrary web scripts or HTML through the 'uploadPatch' parameter on the 'System/Advanced' settings page and the 'uploadLicenses' parameter in the 'License Management' settings page. This vulnerability poses a significant risk, potentially allowing attackers to execute malicious scripts in the context of the affected application.

References

http://www.securitytracker.com/id/1029965

vdb-entryx_refsource_SECTRACK

http://www.vulnerability-lab.com/get_content.php?id=1191

x_refsource_MISC

http://www.securityfocus.com/archive/1/531642/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 17, 2014
Vulnerability Reserved
Apr 17, 2014