Cross-Site Scripting Vulnerability in Dell SonicWALL GMS and Analyzer
CVE-2014-5024

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Uma Em5000; Global Management System; Analyzer
Vendor: CVE Published:; 24 July 2014

Summary

A cross-site scripting vulnerability exists in the sgms/panelManager component of Dell SonicWALL GMS, Analyzer, and UMA, prior to version 7.2 SP1. This vulnerability allows remote attackers to inject arbitrary web script or HTML through the node_id parameter, potentially leading to unauthorized actions taken on behalf of users who visit a compromised web page.

References

http://www.securityfocus.com/bid/68829

vdb-entryx_refsource_BID

https://support.software.dell.com/product-notification/12...

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2014/Jul/125

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Jul 24, 2014
Vulnerability Reserved
Jul 22, 2014